Notes on data protection at DKMS

1. Overview

1.1 The protection of your personal data is very important to us. In order to ensure that all data processing procedures on our website and the services offered on our website are transparent and comprehensible for you as a visitor and user (hereinafter referred to as “user”) of our website, we explain in this Privacy Policy the type, scope and purpose of the processing of your personal data on our website.

1.2 When processing your personal data, we strictly observe the data protection requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

1.3 Personal data refers to any information that can be related to you personally and can be used to identify you, e.g., IP address, name, address, email data, user behavior.

1.4 This Privacy Policy is effective as of March 2018. Due to the ongoing development of our website and the services offered on our website or due to changes in legal or regulatory requirements, this Privacy Policy is subject to change. Accordingly, we reserve the right to amend the content of this Privacy Policy at any time. Any changes will be communicated by posting the amended Privacy Policy on our website. Unless otherwise specified, such amendments shall take effect immediately. We, therefore, recommend that you regularly review the Privacy Policy.

1.5 The Data Controller pursuant to Art. 4 (7) GDPR is DKMS gemeinnützige GmbH (see legal notice). Our Data Protection Officer can be reached at info@dkms.org or at our postal address with “The Data Protection Officer” as the addressee.

2. What personal data do we process?

We collect information from you when you visit our website or use the services we offer on the website. Depending on how you use our website, this may include the following information:

2.1 For informational purposes only: You can visit our website without providing any personal data. When using the website for informational purposes only, i.e., without donating money through our website, filling out a contact form, or otherwise submitting information to us, we do not collect any personal data, except for the data that your browser automatically transmits to our server to enable your use of our website.

For the technical provision of our website and to ensure the security of our information technology systems, it is necessary for us to process certain automatically transmitted information from you so that your browser can display our website and you can use it. This information is automatically collected every time our website is visited and stored in our server log files. This information refers to the computer system of the requesting computer. The following information is collected here:

  • IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Country of access,
  • Content of the request (specific page),
  • Transmitted data volume,
  • HTTP status code,
  • Website where the request originated from,
  • Operating system and its interface,
  • Language and version of the browser software,
  • Cookies on/off,
  • Notification whether access/retrieval was successful.

This information refers to the computer system used. We use this data (with the exception of the IP number of your computer) solely for statistical purposes to measure demand for our web content and services. The data is recorded cumulatively for all users of the website, which means that it is not possible to assign this data to a specific person. This data is not merged with data from other data sources.

2.2 In addition to the purely informational use of our website, we offer various services (monetary donation, registration set order, contact form) that you can use if interested. This generally requires you to supply additional personal data that we need to provide the respective service.

2.2.1 Contacting by email or contact form: If you contact us by email or one of the contact forms on our website, the data you provide will also be processed (your email address, possibly your name and telephone number) and stored by us in order for us to be able to answer your questions. User data can be stored in a Customer Relationship Management (CRM) system or similar.

2.2.2: If you use the option to donate money on our website, we will also process those data provided by you that are necessary to carry out the requested transaction. In this regard, the processing of your personal data differs, depending on the chosen means of payment:

• Payment by credit card: If you choose to pay by credit card, your name, address and email address will be processed by us for the purpose of completing the requested payment transaction and sending you a donation receipt, if applicable.

• Payment by direct debit: Insofar as you use the option on our website to make the monetary donation by direct debit, your name, address, email address and account details will be processed by us for the purpose of carrying out the payment transaction and, if necessary, sending you a donation receipt.

• Payment by PayPal: Should you decide to pay with the online payment service provider PayPal, you will be redirected to a PayPal website. PayPal is a service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider as well as a trustee and offers protective services.

Here, the data protection provisions of PayPal generally apply. These can be found in PayPal’s privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full?locale.x=de_DE. Any personal data you provide when choosing this payment method will only be processed by us to the extent necessary to allocate the payment made. This includes your name, your email address and, in some cases, your address. However, this only applies insofar as you have consented to your address and name being passed on to us as part of the payment process on the PayPal website in order to confirm your donation.

• Payment by bank transfer: Should you decide to pay by bank transfer, no further personal data will be processed during your visit to the website beyond the data processed during the purely informational visit to our website.

• Payment by SMS: Should you decide to make a donation by SMS, only your phone number will be processed by us.

2.2.3. Registration set order: Should you decide to order a set for registration as a stem cell donor when visiting our website, your name, address and email address as well as the information on your genetic background and your telephone number, insofar as you have provided us with these, will be processed by us in this context.

2.2.4 Links to third-party websites:

Our website contains links to third-party websites in various places. After clicking on the embedded link, you will be redirected to the website of the respective third-party provider. During the redirect process, user data is transferred to the respective third-party provider. If you send information to or via these third-party sites, we recommend that you read the privacy policies of these sites before providing them with any further information that may be personally identifiable. For information on how your data is processed on third-party websites, please refer to the respective privacy policies of the third-party providers. We are not responsible for how they operate or handle data.

3. For what purpose do we process your personal data?

3.1 We only process your personal data to the extent that this is necessary to provide a functional website and our content and services and where we are legally permitted to do so. The corresponding legal bases are listed individually below. Moreover, we are always entitled to process personal data if the data subject has consented (Art. 6 (1) a, Art. 7 GDPR), if we are obliged to fulfill contractual or pre-contractual obligations (Art. 6 (1) b GDPR), if we have to fulfill legal obligations (Art. 6 (1) c GDPR) or if we protect our legitimate interests (Art. 6 (1) f GDPR).

3.2 If you use our website for purely informational purposes, we only collect the data that is technically necessary for us to display our website to you and to ensure its stability and security. The legal basis for processing is our legitimate interest according to Art. 6 (1) (1) f GDPR.

3.3 When you contact us by email or contact form, your personal data will only be used for the purpose of answering your request. The legal basis for processing is our legitimate interest according to Art. 6 (1) (1) f GDPR.

3.4 If you use our website to donate money, your data will only be processed to the extent necessary for the fulfillment of the donation contract. The legal basis for the processing of your personal data is the fulfillment of a contractual obligation according to Art. 6 (1) (1) b GDPR.

3.5 Insofar as you request the sending of a registration set via our website, the data you provide in this regard will be used by us for the purpose of sending you the registration set by post and expediting the important process of registration. The information about your genetic background is only used to pre-fill the declaration of consent to be sent to you by post with the specified data and thus to expedite the processes of the registration procedure. We process your email address only for the purpose of dealing with any queries and information relating to the registration set order. The legal basis for the processing is the consent given by you in accordance with Art. 6 (1) (1) a GDPR.

4. How do we process your personal data?

When you use our website, your data is transmitted to us in encrypted form to prevent access by unauthorized third parties. We store your data on specially protected servers. Access to personal data is only possible for a few specially authorized DKMS employees, all of whom are familiar with and committed to the relevant data protection regulations.

5. Do we share personal data with third parties?

Only our employees have access to your personal data. In addition, we sometimes share personal data with order processors, in particular payment service providers, service providers and financial institutions with whom we cooperate. We are entitled to do this if the data subject has consented to this (Art. 6 (1) a, Art. 7 GDPR), if we thereby fulfill contractual or pre-contractual obligations (Art. 6 (1) b GDPR), if we thereby fulfill a legal obligation (Art. 6 (1) c GDPR) or if we safeguard our legitimate interests (Art. 6 (1) f GDPR). The service providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored on a regular basis. We conclude a so-called order processing agreement with order processors in accordance with Art. 28 GDPR, according to which they also undertake to comply with data protection.

We assure you that we do not sell or rent your information to other companies or organizations. Under no circumstances will we use your email address or other data without your consent for other purposes for which you have not given your consent.

6. How long do we store your personal data?

6.1 We will only store personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.

6.2 If you use our website for informational purposes only, we store your data on our servers exclusively for the duration of your visit to our website. Once you leave our website, your data will be deleted immediately.

6.3 If you contact us by email or one of the contact forms provided when using our website, we will delete the data collected in this context once it is no longer necessary to store it or restrict its processing if any statutory retention obligations exist. We check necessity on a regular basis.

6.4 If you have used our website to donate money and your contact details are processed by us in order to issue you with a donation receipt, your data will be stored by us until you have revoked your consent to the processing of your personal data or until you have requested the deletion of your personal data in accordance with the procedure described in section 8. In this case, your data will be blocked and deleted after the expiration of any existing legal retention periods (e.g., 10 years according to § 147 (1) of the German Fiscal Code (AO) for invoices, etc.).

6.5 Insofar as you have used our website to order a registration set, any personal data you have provided in this context will be stored by us until the relevant process has been completed by the return of the registration set. If, contrary to expectations, the set is not returned to us within a certain time frame, your data will be blocked after we have attempted to contact you by email twice without success for the purpose of requesting the return of the set, i.e., you will generally not receive any further communications from us. The data can now only be accessed to a limited extent by a few of our employees for the purpose of preventing repeat orders of registration sets by the same person while the return of the set is still pending. After this purpose has also been fulfilled, your data will be deleted.

6.6 Insofar as you have signed and returned the registration set and the declaration of consent contained therein to us, the further processing of your personal data shall be based on this declaration of consent.

7. Why do I receive information or newsletters from DKMS?

7.1 You will receive medical information, news about process changes or general information concerning your individual process from us if you have made a monetary donation, ordered a registration set or are registered as a stem cell donor with us. This is exclusively process-related information and not advertising mails.

7.2 We would like to provide you with background information, which is why it is important for us to stay in contact with you, especially if you are a registered stem cell donor. The transfer of the information specified in section 7.1. is essential for the efficient execution of a possible stem cell donation. The primary purpose of this is to keep in touch with our donors and thus increase the likelihood of you remembering your registration as a potential stem cell donor, which may have been years ago. Upholding a minimal level of communication improves the potential for delivering second chances at life. Only in this way can we reliably guarantee the availability and accessibility of potential stem cell donors and ensure that, in the event of a “match” with a sick patient, our donors can actually be reached and are available under the contact data stored with us. In the case of stem cell donation, the availability of the potential donor is elementary, as time is of the essence for the affected patient.

7.3 Insofar as you have consented to this, you will also receive newsletters (advertising mails) containing exclusively general information about our activities, in addition to the information listed in Section 7.1.

7.4 If you no longer wish to receive the newsletter in the future, you can unsubscribe from this service at any time and without giving reasons. For this purpose, please send an email with the subject “NONEWS” to nonews@dkms.org or notify us via the contact details provided in the legal notice.

8. What are my rights?

8.1 You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will gladly provide you with information about this personal data and the information listed in Art. 15 GDPR.

In addition, you have the following rights vis-à-vis us:

• Right to rectification, Art. 16 GDPR,

• Right to erasure, Art. 17 GDPR,

• Right to restriction of processing, Art. 18 GDPR,

• Right to data portability, Art. 20 GDPR,

• Right to object to processing, Art. 21 GDPR.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, under the conditions set out in Article 77 GDPR, if you believe that the processing of your personal data infringes data protection law.

8.2 If you have given your consent to the processing of your personal data, you can revoke this consent at any time. If you revoke your consent, this will restrict us from processing your personal data once you have notified us of your revocation. You can also limit the revocation of the processing of your personal data to specific purposes (e.g., newsletter) (restriction of processing).

8.3. If you wish to exercise your rights described above, please submit your request to: DKMS US, 100 Broadway, NY, NY, 10005 or by email: info@dkms.org.

9. How do we use cookies and how do we access information already stored in the terminal device?

9.1 In addition to the data specified above, we use cookies to make our website available to you. Cookies are small text files that are saved on your hard disk, assigned to the browser that you use, and which supply certain information (see below for details) to the party that set the cookie (in this case, to us). Cookies cannot execute any programs or transfer viruses to your computer. They serve to make the website as a whole more user-friendly and more effective.

9.2 Cookies are stored either temporarily for the duration of the session (session cookies), or permanently (persistent cookies) on your device. Session cookies are automatically deleted after the session ends. Persistent cookies are only deleted when you, the user, delete them or after a period of time has elapsed. Cookies can be stored for us and our website (first-party cookies) as well as by and for third-party companies (third-party cookies). This enables the use of certain services from third-party companies. Cookies have different functions, split into four categories:

  • technically necessary cookies
  • functional cookies
  • analytical cookies
  • advertising/tracking cookies.

Technically necessary cookies are required for the function of our website. Functional cookies facilitate the use of our website and improve its functions. Analytical cookies are used to collect information about your usage behavior in order to make the website even better for you. Advertising/tracking cookies are used to provide you with interest-based advertising.

View and edit your cookie settings for our website:

Cookies are stored on your device and transmitted from it to us or third-party companies. As the user, you have full control over the use of cookies on your device. You can prevent cookies from being stored on your device by making the appropriate settings in the internet browser you are using. Cookies already stored can be deleted at any time. If our website cookies are deactivated and/or deleted, it may no longer be possible to use all functions of the website without restriction.

9.3 You can configure your browser settings according to your preferences and, for example, refuse to accept so-called third-party cookies or all cookies. Moreover, you can prevent or restrict the installation of cookies through the relevant settings of your Internet browser. You can also delete previously stored cookies at any time. However, the steps and measures that are necessary to do so depend on the specific Internet browser that you use. If you have any questions, therefore, please refer to the help function or documentation for your Internet browser or contact the corresponding manufacturer or support. If no consent is given in the “Privacy settings” pop-up (or if it is revoked via the “Privacy settings” link in the footer), only cookies that store this block decision are set.

9.4 We use “local storage” and “session storage” as alternatives to cookies that are integrated in the browser. The web storage stores the data securely in the user’s browser and does not transmit it unencrypted over the Internet.

9.4.1 Local storage: The scope includes all browser windows/tabs and is cleared only by JavaScript or with the browser cache.

9.4.2 Session storage: The scope includes an individual browser window/tab and is automatically cleared when the browser window is closed.

9.5 To manage the storage of information in your equipment, such as cookies, or access to information already stored in your equipment, we use the consent management tool:

Piwik PRO Analytics Suite ("Piwik PRO") of the company Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany.

The consent management tool includes the "pop-up" element of a graphical user interface, to request privacy settings. When you first visit our site, we use the pop-up, "Privacy settings“ to actively ask for your permission, to collect analytical data about your user behavior . You can also use the pop-up "Privacy settings" to decide for yourself whether external content is displayed on our site.

In the footer of our website, the consent to cookies, analytics, tag manager, social embeds and YouTube can be viewed, activated and deactivated at any time. The individual uses can be specifically enabled and disabled. All of the following points are dependent on the user granting this consent. If no consent is granted in the privacy settings pop-up or revoked via the privacy settings link in the footer, only cookies that save this block decision are set.

Piwik Pro may use the following cookies, whose category, purpose, domain and storage period are indicated below, as exemplified by the Provider.

Name: _pk_id.<appID>.<domainHash>.
Category: First Party
Purpose: Used to recognize visitors and record their various attributes.
Domain: dkms.org
Storage period: 13 months for non-anonymous visitors

30 minutes for anonymous visitors if 30 minutes cookie option is enabled
Name: _pk_ses.<appID>.<domainHash>
Category: First Party
Purpose: Indicates the visitor's active session. If the cookie does not exist, it means that the session ended more than 30 minutes ago and was counted in the _pk_id cookie.
Storage duration: 30 minutes

Name: ppms_privacy_<appID>
Category: First Party
Purpose: Stores visitor's consent to data collection and use.
Domain: dkms.org
Storage period: 12 months

Name: stg_traffic_source_priority
Category: First Party
Purpose: Stores the type of source from which the visitor came to your website.
Domain: dkms.org
Storage time: 30 minutes

Name: stg_last_interaction
Category: First Party
Purpose: Indicates whether the last visitor's session is still running or a new session has started.
Domain: dkms.org
Storage period: 365 days

Name: stg_returning_visitor
Category First Party
Purpose: Indicates whether the visitor has been to the site before - a returning visitor.
Domain: dkms.org
Storage period: 365 days

Name: stg_fired__<conditionID>
Category: First Party
Purpose: Indicates whether the tag and trigger combination was triggered during the current visitor session. This cookie can be set multiple times with different condition IDs.
Domain: dkms.org
Storage duration: Until the end of the session

Name: stg_utm_campaign
Category: First Party
Purpose: Stores the name of the campaign that brought the visitor to your website.
Domain: dkms.org
Duration of storage: Until the end of the session

Name: stg_pk_campaign
Category: First Party
Purpose: Stores the name of the campaign that led the visitor to your website.
Domain: dkms.org
Storage duration: Until the end of the session

Name: stg_externalReferrer
Category: First Party
Purpose: Stores the URL of the website that referred the visitor to your website.
Domain: dkms.org
Storage duration: Until the end of the session

Name: _stg_optout
Category: First Party
Purpose: Helps to disable all tracking tags on your website.
Domain: dkms.org
Storage period: 365 days

Name: _pk_cvar.<appID>.<domainHash> (deprecated).
Category: First Party
Purpose: Stores a custom variable that is part of the visit scope.
Domain: dkms.org
Storage duration: 30 minutes

The legal basis for the use of technically necessary cookies is Section 25 (2) No. 2 TTDSG.

The processing of data through the use of this cookie takes place in order to obtain the legally required consent for the use of cookies and data processing (Art. 6 para. 1 lit. c) DS-GVO).

The data will be deleted by us as soon as it is no longer required for documentation purposes, you request us to delete it or delete the cookie yourself.

The legal basis for the use of technically necessary cookies is Section 25 (2) No. 2 TTDSG.

The processing of data through the use of this cookie takes place in order to obtain the legally required consent for the use of cookies and data processing (Art. 6 para. 1 lit. c) DS-GVO).

The data will be deleted by us as soon as it is no longer required for documentation purposes, you request us to delete it or delete the cookie itself.

For more information about PiWik PRO's privacy policy, please visit: https://piwikpro.de/datenschutz/

When you access our website, the Consent Management Tool will set cookies on your equipment in order to obtain your decision made to store information in your equipment or to access information already stored in the equipment (Section 25 (1) Sentence 1 TTDSG) and to obtain your decision made regarding consent to the processing of your personal data (Art. 6 (1) lit. a DS-GVO) and to document this in accordance with data protection law.

10. Processing of your user data by web analysis tools and online marketing services.

10.1 Meta Conversions-API

We use the marketing and analytics service Meta Conversions-API Gateway ("Meta C-API Gateway") of the company Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland on our website.

Meta C-API Gateway is a server-side event tracking tool to analyses the behaviour of website visitors, serve personalized ads to Meta Facebook users and so determine the success of an advertising campaign. This service is inserted on the server side of the web servers, with which the events to be tracked are transmitted to Meta for evaluation by means of Meta pixels implemented in your browser and via a programming interface (Application Programming Interfaces or API for short) the user behaviour.

When you visit our website, extensive personal data is processed via this service. Information stored on your device is accessed and the IP address, a user ID, the browser ID, the advertising ID, the click ID and a product ID are processed. If you have a Meta Facebook account and visit our website with this account, the e-mail address, telephone number, name, gender, birthday, city, post code, state and country, Facebook ID are also processed, where you have added this data to your account or it is held. If you are logged in to Meta Facebook, this information is also assigned to your user account; you can prevent this by logging out beforehand.

This Meta Service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The parent company Meta Platforms Inc. is located at 1 Hacker Way, Menlo Park, CA 94025, USA. According to Meta, the collected data is also transferred to the parent company in the USA. In the case of the USA, the EU Commission has decided that there is an adequate level of data protection within the meaning of the GDPR. An adequacy decision according to Art. 45 DS-GVO exists (EU-U.S. Data Privacy Framework), as far as the service-providing U.S. company is certified and is therefore on the "Data Privacy Framework List" (or in short: DPF List). Meta Platforms Inc. has been included in the DPF List as a certified company.

You can adjust your advertising settings independently in your Meta Facebook account settings by clicking on the following link and logging in: https://www.facebook.com/settings?tab=ads.

For the use of the Facebook service, the privacy policy and terms of use apply. You can view these at https://de-de.facebook.com/about/privacy and https://www.facebook.com/legal/terms.

We delete the data as soon as it is no longer needed for statistical purposes, and, at the latest, after 180 days.

The provision of your data for Meta C-API is neither legally nor contractually required and is not necessary for the conclusion of a contract.

10.2 Meta Pixel

Meta Pixel is a marketing service to analyses the behaviour of visitors to the website, serve personalised ads to Meta users and thus determine the success of an advertising campaign. This service is inserted through a script that implements the analysis and with which Meta can track your user behaviour, if you have arrived at our website through Meta Facebook Ads. When you visit our website, a direct connection is established to Meta's servers and information about your user behaviour is transmitted.

In this context, we have activated the advanced data matching function, or automatic advanced matching. This involves the additional processing of additional data - e-mail address as hash value, personal data, address and/or telephone number - provided that you have made this data available to us as part of your membership account. This gives us the opportunity to adapt our advertising campaigns even more specifically to our interested customers. If you are logged in to Meta Facebook, this information is also assigned to your user account; you can prevent this by logging out beforehand.

Meta Pixel may use the following cookies, whose category, purpose, domain and storage period are indicated below, as described by the Provider by way of example.

Name: _fbp
Category: Third Party
Purpose: This cookie is set by Meta to display advertisements after visiting the website when it is either on Meta Platforms or on a digital platform operated by Meta Advertising.
Domain: dkms.XX
Storage period: 3 months

The legal basis for the use of technically necessary cookies is § 25 para. 2 no. 2 TTDSG.

The legal basis for the use of tracking / marketing or analytical cookies is your consent in accordance with Section 25 (1) TTDSG.

The processing of personal data is based on your consent (Art. 6 para. 1 lit. a) DS-GVO).

This meta service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The parent company Meta Platforms Inc. is located at 1 Hacker Way, Menlo Park, CA 94025, USA. According to Meta, the collected data is also transferred to the parent company in the USA. In the case of the USA, the EU Commission has decided that there is an adequate level of data protection within the meaning of the GDPR. An adequacy decision according to Art. 45 DS-GVO exists (EU-U.S. Data Privacy Framework), as far as the service-providing U.S. company is certified and is therefore on the "Data Privacy Framework List" (or in short: DPF List). Meta Platforms Inc. has been included in the DPF List as a certified company.

You can adjust your advertising settings independently in your Meta Facebook account settings by clicking on the following link and logging in: https://www.facebook.com/settings?tab=ads.

For the use of the Facebook service, the privacy policy and terms of use apply, which you can view at https://de-de.facebook.com/about/privacy and https://www.facebook.com/legal/terms.

We delete the data as soon as it is no longer needed for statistical purposes, and, at the latest, after 180 days.

The provision of your data for Meta Pixel is neither legally nor contractually required and is not necessary for the conclusion of a contract.

10.3 Piwik Tag Manager

We continue to use Piwik PRO Tag Manager on our website. This service allows website tags to be managed via an interface. Piwik PRO Tag Manager does not set any cookies, only tags, and does not collect any personal data. The service triggers other tags, which in turn may collect data. A tag is only triggered if the user has consented to this beforehand. If the user does not grant specific permissions in the “Privacy Settings” pop-up, the corresponding tags will not be triggered. Tags that do not process personal data are always loaded. However, Piwik PRO Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will apply to all analysis tags implemented with Piwik PRO Tag Manager.

For more information about Piwik PRO’s privacy policy, please visit https://piwikpro.de/datenschutz/.

10.4 AddSearch search function

The results from the search box on our website are made available by the web service of AddSearch Oy, Töölönkatu 4, FI-00100 Helsinki, Finland (“AddSearch”). When you actively use the search box on our website, a data transfer to AddSearch takes place. Only the search terms you enter and your IP address are transmitted.

In the context of the use of AddSearch, AddSearch uses “Amazon Web Services”, based in the USA, as an order processor. Accordingly, some data processing may also take place outside the EU or the EEA. To the extent that AWS thereby transfers your personal data to the USA, we will take precautions to protect your personal data in the best possible way, among other things by using standard contractual clauses of the EU Commission (Art. 46 (2) c GDPR.

For more information about standard contractual clauses for the transfer of personal data to processors outside the EU or EEA, please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

The transfer of your personal data for these purposes is based on our legitimate interest in providing you with the search function, pursuant to Art. 6 (1) f GDPR. Information is not transmitted until at least three characters have been entered in the search. No data will be sent to AddSearch prior to this. For information about AddSearch’s privacy policy, please visit https://www.addsearch.com/privacy/.

10.5 Amazon Web Services: Hosting

For hosting the database and web content on our website, we use the Amazon Web Services (“AWS”) service provided by Amazon Web Services, Inc. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018, as well as PCI DSS Level 1. We only have strictly limited access rights and the data is automatically encrypted.

For technical reasons, infrastructure maintenance may be carried out by AWS subcontractors from the USA. Accordingly, some data processing may also take place outside the EU or the EEA. To the extent that AWS thereby transfers your personal data to the USA, we will take precautions to protect your personal data in the best possible way, among other things by using standard contractual clauses of the EU Commission (Art. 46 (2) c GDPR.

For more information about standard contractual clauses for the transfer of personal data to processors outside the EU or EEA, please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

The transmission of your personal data for these purposes is based on our legitimate interest in being able to provide you with the technical infrastructure of our website, in particular web servers, databases and the sending of emails, pursuant to Art. 6 (1) f GDPR.

For more information about AWS and privacy, please visit https://aws.amazon.com/de/compliance/eu-data-protection/ and https://aws.amazon.com/de/privacy/.

10.6 Amazon CloudFront

As part of the web hosting with AWS, we continue to use technologies provided by AWS or by the Amazon CloudFront content delivery network (“CDN”). A CDN makes extensive media files available via a regionally distributed server network in order to conserve its own [JR1] server resources. Before the website loads in your web browser, we use Amazon CloudFront to build SSL encryption to the website and to build other security features to protect against harmful influences from the World Wide Web.

Amazon CloudFront relies on JavaScript code, so you can prevent it from running altogether by disabling JavaScript in your browser settings or installing a JavaScript blocker. Please note that our website may then not be displayed correctly.

During this process, your IP address and other data are transmitted to Amazon CloudFront.

The legal basis for this is our legitimate interest in ensuring the accessibility of our website, Art. 6 (1) f GDPR.

For more information, please refer to the Amazon CloudFront – Content Delivery Network (CDN) Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr. To prevent the execution of the Amazon CloudFront – Content Delivery Network (CDN) JavaScript code altogether, you can install a JavaScript blocker.

10.7. Google Ads (formerly Adwords) and Conversion Tracking

We use Google Ads and Conversion Tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). In case of your consent, if you click on a Google ad, a cookie will be set on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Thus, the cookies cannot be tracked across Google Ads customers' websites.
The information obtained using the cookie is used to create conversion statistics for Adwords customers who have opted in to Google Ads and conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.

Order processing:
The legal basis for the use of marketing cookies is Art. 6 (1) a) or Art. 49 (1) a) DSGVO in conjunction with your consent.

Revocation: You can revoke your consent to the use of marketing cookies and smart pixels at any time with effect for the future. You can find the link to the consent settings in the footer.

Objection to data processing: You can also prevent the cookie from being set by adjusting your browser software settings. In addition, you can deactivate the use of cookies by Google by following the link below and installing the plug-in provided there www.google.com/settings/ads/plugin or by deactivating Google Conversion Tracking at https://www.google.com/settings/ads/onweb/?hl=de.

More information about Google Ads (formerly AdWords) and Conversion Tracking as well as Google's privacy policy can be found at: https://www.google.com/privacy/ads.

11. What social media plug-ins do we use?

11.1 We use social media plug-ins from various social networks on our website. If you access a specific page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of the social networks after you have given your permission in the “Privacy settings” pop-up to display external content on our site. The content of the plug-in is transmitted directly to your browser by the social networks and integrated into the website by the browser. By making a selection in the “Privacy Settings” pop-up, you decide which external content is displayed on our website and you can change this setting at any time: https://www.dkms.de/datenschutz.

11.2 The integration of the plug-ins informs the social networks that you have accessed the corresponding page on our website. If you are logged in to one or more social networks, the social networks in question can assign the visit to your account. If you interact with the plug-ins, for example by clicking the “Like” button or sending a tweet, the corresponding information is transmitted from your browser directly to Facebook and Twitter and stored there.

11.3 We are not responsible for the services of third-party providers whose offers are linked on our website, such as Twitter or Facebook. These third-party providers are not able to associate the IP addresses with other personal data collected via the DKMS website. More information on data collection by third-party providers can be found on the respective websites of these providers.

11.4 We are currently using the following social media plug-ins: Facebook, Twitter and Instagram. We make it possible for you to communicate directly with the provider of the plug-in via the button. The plug-in provider is only notified that you have accessed the corresponding page of our website if you click on the highlighted field and thereby activate it. The data mentioned in section 2.1. of this Privacy Policy will also be transmitted. In the case of Facebook, the IP address is anonymized immediately in Germany after it has been recorded, according to the respective provider. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.

11.4.1 We have no control over the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing or the retention periods. We also have no information on the deletion of the collected data by the plug-in provider.

11.4.2 The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or the customized design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.

The legal basis for the use of the plug-ins is our legitimate interest in giving you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user, Art. 6 (1) (1) f GDPR.

11.4.3 The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly associated with your account at the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this prevents association with your profile at the plug-in provider.

11.4.4 Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers disclosed below. There you will also find further information about your respective rights and privacy settings.

11.4.5 Addresses of the respective plug-in providers and the URLs of their privacy policies:

• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information on data collection: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications, https://www.facebook.com/about/privacy/your-info#everyoneinfo.

• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

• Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

12. How are YouTube videos integrated?

12.1 We have integrated YouTube videos into our website, which are stored on the YouTube page of DKMS and can be played back directly on our website.

YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

12.2 By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data mentioned in section 2.1. of this Privacy Policy will also be transmitted. This occurs regardless of whether you have a YouTube user account that you are logged in to or not. If you are logged in to Google, your data is directly assigned to your account. If you do not want data to be assigned to your YouTube profile, you have to log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the customized design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the processing of your personal data, whereby you must direct the objection to YouTube and Google.

12.3 By integrating YouTube, we improve our offer and can make it more interesting for you as a user. The legal basis for the integration is our legitimate interest according to Art. 6 (1) (1) f GDPR.

12.4 For more information on the purpose and scope of data collection and processing by YouTube, please see its privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy

Please note that we have no control over how and for how long YouTube and Google retain this data. The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

13. Questions and comments

Do you have questions regarding our Privacy Policy? Then please contact our Data Protection Officer at info@dkms.org

Information about your right of objection pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data based on Art. 6 (1) f GDPR (data processing based on a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In individual cases, we also process your personal data for direct advertising purposes. If you do not wish to receive advertising, you have the right to object to this at any time; we will observe this objection for the future.

We will no longer process your data for the purposes of direct advertising if you object to processing for this purpose.

The objection can be made in any form and should be addressed to:

DKMS
40 Fulton Street, 26th Floor
New York, NY 10038

Email: info@dkms.org