Privacy policy

Thank you for your interest in our website and the University Hospital of Cologne. We operate the website for the purpose of providing helpful information about the University Hospital of Cologne and its clinics/facilities. We cannot accept any liability for external links to third-party content, despite careful checking of the content.

The protection of your personal data when it is collected, processed and used during your visit to our website is very important to us. Your data is protected in accordance with statutory regulations.

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations is the

University Hospital Cologne AöR
Kerpener Str. 62
50937 Cologne
Germany
Phone +49 221 478-0
Email presse@uk-koeln.de

Name and address of the data protection officer

Data Protection Office
Kerpener Str. 62
50937 Cologne
Germany
Phone +49 221 478-30946
Email datenschutz@uk-koeln.de

Below you will find information on what data is collected during your visit to the website and how it is used:

1. provision of the website

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is deleted

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • Website from which the access was made (referrer URL),
  • browser used and, if applicable, the operating system of your computer
    and the name of your access provider.

The aforementioned data is processed by us for the following purposes

  • Ensuring a smooth connection to the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

2. contact form

If you have questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide your first and last name and a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be deleted as part of a deletion concept after your request has been dealt with.

3. online application

We collect and process the following data from you to process your online application: Title, surname, first name, address, date of birth, e-mail address, references and CV data. You can also provide us with your telephone number and salary expectations. We will treat your data as strictly confidential in accordance with the statutory provisions. Your application will be processed and stored in the applicant database exclusively for the purpose of processing your online application. Your data will be automatically deleted three months after the end of the application process. Your written consent is required to store your data beyond the end of the application process. This consent is not given by your agreement to this privacy policy, but must be given separately if necessary. Your data will be encrypted for secure transmission. Your application data will not be passed on outside the University Hospital of Cologne.

4. online appointment allocation

Patients and their relatives can make an appointment online via our website. The following personal data is collected for this purpose: First and last name, date of birth, telephone number, e-mail address, appointment category, referring doctor if applicable and a free text field. We use the Doctolib tool from Doctolib GmbH, Mehringdamm 51, 10961 Berlin, Germany, for online appointments. The legal basis for the processing is the initiation of the contract or your consent, the purpose of the online appointment. Your data will be deleted in accordance with data protection regulations once the purpose no longer applies and the retention period has expired. Further information can be found in Doctolib's privacy policy: Privacy Policy Patients DE - clean (cloudinary.com)

5. whistleblower system

Employees of UKK and its subsidiaries, patients, suppliers and other groups of people can use the whistleblower system to report violations of internal regulations, laws, guidelines and ordinances by employees of UKK and its subsidiaries. You can make these reports anonymously or leave your contact details. In this case, we will process the following personal data: Surname, first name, e-mail address if applicable, IP address and any other personal data provided by the reporting party. The whistleblower system is operated with the help of the intrafox software from inworks GmbH, Höverlsinger Weg 39, 89081 Ulm. The legal basis is Art. 6 para. 1 f) GDPR (legitimate interest), as well as Section 26 para. 1 sentence 2 BDSG and Section 26 para. 2 sentence 2 BDSG, the purpose of which is the possibility of reporting non-compliant behavior by employees of the UKK Group. Your data will be anonymized or deleted once the purpose no longer applies, provided there are no legal obligations to the contrary. We will protect your data in particular and only pass it on if we are legally obliged to do so or if we have your consent to do so. In this case, however, we will contact you beforehand.

6. your rights

In accordance with Art. 7 para. 3 GDPR, you can revoke your consent at any time. As a result, we will no longer continue the data processing based on this consent in the future. In accordance with Art. 15 GDPR, you have the right to obtain information about the personal data stored about you, including any recipients and the planned storage period. If incorrect personal data is processed, you have the right to rectification in accordance with Art. 16 GDPR. If the legal requirements are met, you can request the deletion or restriction of processing and object to the processing (Art. 17, 18 and 21 GDPR). You also have the right to lodge a complaint with the supervisory authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
0211/38424-0
poststelle@ldi.nrw.de

7. cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 6). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

8. web analytics

We use the open source software Matomo to analyze and statistically evaluate the use of the website in accordance with Art. 6 para. 1 lit. f GDPR. Cookies are used for this purpose (see section 7). The information generated by the cookie about website usage is transmitted to our servers and summarized in pseudonymous usage profiles. The information is used to evaluate the use of the website and to enable a needs-based design of our website. The information is not passed on to third parties.

Under no circumstances is the IP address associated with other data relating to the user. The IP addresses are anonymized so that they cannot be assigned (IP masking). Your visit to this website is recorded by Matomo Web Analytics if you have consented to the recording in the cookiebot banner.


9. social media

1. use of social media plug-ins

  • We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA). As the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.
  • We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
  • The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
  • Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
  • Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

2. integration of YouTube videos

  • We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer.
  • When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
  • Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

3. integration of Google Maps

  • We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
  • When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
  • Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

Please note that when using the tools, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR (e.g. USA).

10 Data security

When you visit our website, we use the common TLS (Transport Layer Security) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support this, we use 128-bit encryption instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11 Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in July 2024. It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements.