Privacy Policy

Privacy Policy

Storage of personal data

All personal data recorded via this page is treated strictly in accordance with the guidelines of the EU GDPR. Article 13 GDPR applies to the information obligation when collecting personal data from the data.

The aim and purpose of collecting the data is to improve, structure and organize the collaboration between the researchers involved. The data is used to send messages to participants of the platform, to display groups of participants within the platform and for the use of the collaboration software to exchange files, calendars and project management content.

If personal data (e.g. name, address or e-mail address, name of the clinic) is collected on the site, when creating a user account, it is always done on a voluntary basis. The data will not be passed on to third parties.

Other processed data include:

  • name and email, institution with location and assignment to groups
  • if applicable, profile pictures/pictures of the users
  • complete communication between the participants on the platform
  • file storage, calendar and project management
  • possible video server; videos are stored in the area of the platform, which is protected by login. Public accessible videos require the unanimous consent of all parties involved for this publication.

The collection of the data is based on the principle of the consent of the data subject (GDPR Article 6 paragraph 1 letter a). You have the right to revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the time of revocation.

Every person concerned has the right to have their data corrected in accordance with Article 16 GDPR, to have their data deleted or pseudonymized in accordance with Article 17 GDPR and to object in accordance with Article 21 GDPR. Each person has the right to restrict the processing of the data in accordance to Article 18 GDPR.

Every user has the right to lodge a complaint, if the person concerned is of the opinion, that the processing of personal data violates the regulation. The supervisory authority responsible for this can be contacted at the following address:

The state commissioner for data protection in North Rhine-Westphalia

Kavalleriestraße 2-4
40213 Düsseldorf

If a user makes use of the right to delete or lock the data, the user will be anonymized in all conversations. Uploaded data will be deleted. If documents are affected, because they have been edited together with other users, the user is anonymized here with his/her comments. Author rights remain with the user.

All data is stored on a server in Germany. A storage or transfer of stored data to servers/participants/organizations/companies abroad or in Germany is excluded from our side.

No services from external service providers are used. Access by external parties for technical support is also excluded.

The user can request information about data, blocking or deletion or pseudonymisation of data by writing an email to the following email address: Emails sent to this email address can only be read by members of the core orchestra team.

Files that were created in collaboration with other participants on the platform or that have been shared with groups of participants within the online platform for a purpose (e.g. filing files in a group folder) are blocked or deletion excepted.

The responsible data protection officer is:

Dominik Zier

The following data is stored to provide the offer and to quantitatively measure the number of hits:

  • IP address (anonymized/shortened)
  • website visited
  • time at the time of access
  • amount of data sent in bytes
  • source/reference from which the user came to the page
  • used browser, browser language and supported plugins
  • operating system in use
  • screen resolution
  • device type and brand

The data mentioned are processed by us for the following purposes

  • ensuring a smooth connection to the website
  • ensuring a user-friendly and personalized use of our website
  • evaluation of system security and system stability

Users can contact the operators of the website at any time using the contact form on the website. It is necessary to provide the first and last name and a valid email address. Providing further data is voluntary. The data processing for the purpose of contact is in accordance with Article 6 Paragraph 1 page 1 Letter a GDPR based on the voluntarily given consent.

For every recording of video conferences or similar, the agreement of the individual participants is asked before the recording. All those involved must agree to a recording, otherwise, the recording will not take place. Recordings of conferences, training courses and presentations are stored on the website in the protected area (only with a valid login).

Cookies are used for the protected area on the website. Information is stored for the use of the components of the forum/ social network. Knowledge of the exact identity of the user through the usage of cookies is excluded. Cookies can be deleted in the browser settings.

For the website, the open source software Matomo is used to analyze and statistically evaluate the use of the website in accordance with Article 6 Paragraph 1 Letter f GDPR used. For this purpose, cookies transmit information about website usage to the server. Only pseudonymous usage profiles are created. The information will not be passed on to third parties. IP addresses are only recorded anonymously and abbreviated so that the assignment to the user/participant is not possible (IP masking). The current visit to the website is recorded by Matomo web analysis. By activating the “Do Not Track” function in your browser, you can prevent data collection by cookies. You can usually find this function under “Settings -> Data protection”.

If unlawful access to the data on our server is detected, this will be reported immediately to The registered users will be informed about the external access.

Accounts and the associated personal data are inactivated after more than 3 years of inactive use and deleted after more than 5 years. All data will be stored for 10 years after the end of the Orchestra project and will then be destroyed.

External links, social media and third party content

The website integrates the following social media and networks via plugins:

  • Facebook
  • Twitter
  • YouTube

The website uses the two-click solution. Thus, initially no personal data is passed on to the plugin providers. The provider of the plugin is identified by its logo. The user can contact the provider of the plugin directly by clicking on the logo. In this case, the plug-in provider receives the information that the user has accessed the corresponding website. There is a transfer of personal data to the provider of the plugin. The operator of the website has no influence on the transmitted data (form and scope) and the following data processing operations. The operator does not know the purposes of the processing and storage periods. The provider saves the data collected as a user profile and uses this for personalized advertising, market research and/or the personalized design of its website. The user must exercise his/her right of objection to the creation of these profiles with the respective plug-in provider. The legal basis for the use of the plugins is provided by Article 6 Paragraph 1 page 1 Letter f GDPR given. Information on the purpose and scope of data collection and processing by the plug-in provider can be found in the data protection declaration of the respective provider.

The author rights for uploaded documents remain with the respective authors of the document.

The respective authors/persons are responsible for the respective content of documents, emails, videos, etc. In the event of illegal behaviour or the writing of discriminatory, sexist or racist comments or content, the operator of the platform reserves the right to delete the respective content and to delete the access of the person after prior information.

The above-mentioned, undesirable content can be reported by the members of the platform at In addition, there is the option of marking text messages for the administrators when questionable content is published. The website administrators are responsible for checking the content

The operator of the website can embed YouTube videos in the website. These videos are stored on The content is not stored on the website, but is only accessed via link by the website. The integration takes place in the “extended data protection mode”. No data about users will be transmitted to YouTube. Personal data is only transmitted to the provider of the plug-in when a video is played. The user must direct legal claims to YouTube to safeguard the rights of personal data.

Further information on the purpose, scope of data collection, processing, rights and setting options to protect your privacy can be found in the following data protection declarations:

Data security

The website uses the widespread TLS (Transport Layer Security) method. The highest encryption level of the browser used is supported, which is usually 256-bit encryption. If the browser does not support this encryption, the website uses 128 bit encryption. The encrypted transmission can be recognized by the representation of the lock symbol in the lower status bar of the respective browser. The operator of the website also uses suitable technical and organizational security measures to protect all data against any kind of manipulation, loss, destruction or unauthorized access by third parties.