Data Protection Information for Using ORENA SAVE FOCUS MICCAI
When you visit this website, especially if you participate in the ORENA SAVE FOCUS MICCAI Challenge ("Challenge"), we ("We," "DKFZ") process your personal data in accordance with data protection law, particularly the General Data Protection Regulation (GDPR). In this data protection information, we inform you about the processing of your personal data, applicable legal bases, your rights under the GDPR, and your rights vis-a-vis the competent data protection supervisory authority.
1. Name and Address of the Controller
German Cancer Research Center - Foundation under Public Law
Im Neuenheimer Feld 280
69120 Heidelberg
Germany
Phone: +49 (0)6221 420
Email: kontakt(at)dkfz.de
Website: www.dkfz.de
2. Name and Address of the Data Protection Officer
Data Protection Officer
German Cancer Research Center - Foundation under Public Law
Im Neuenheimer Feld 280
69120 Heidelberg
Phone: +49 (0)6221 420
Email: datenschutz(at)dkfz.de
3. Accessing Our Website
When you visit our website, our systems automatically process so-called log files. These include:
- IP address of the requesting computer
- Type of internet browser used
- Version of the internet browser used
- Operating system and its version
- Pages accessed
- Date and time of visit
- Time zone difference to Greenwich Mean Time (GMT)
- Access status/HTTP status code
- Referrer
The log files contain your IP address, which can be personal data, but it is shortened before storage. Therefore, it is not possible to identify you, and your data is not stored together with other personal data. The processing of the above data is necessary for the provision of our website. The legal basis for processing (shortening) your IP address for anonymization purposes is Article 6 (1) (f) GDPR. It is in our legitimate interest and consistent with the purpose of data minimization to perform this shortening.
4. Registration to Our Website
To participate in the Challenge, you must register on our website. For this, please provide a username, your professional email address, your first and last name, your institution and department, and other information requested on the registration form.
Your data will be processed for the purpose of managing your participant account and providing associated functions, such as participating in the Challenge. The legal basis for storing your customer account data is Article 6 (1) (b) GDPR.
We process your data through the app as long as you do not delete your participant account with us. You can request the deletion of your account at any time by contacting us (e.g., via email to the email address listed in points 1 or 2). You can also modify or delete many contents of your participant account within the app.
Beyond this, we only store your data to comply with our contractual (Article 6 (1) (b)) or legal obligations (e.g., tax obligations) (Article 6 (1) (c) GDPR). In this case, we will restrict your data so that it is only processed for the necessary purposes.
5. Contact (via contact form, email, or phone)
You have the option to contact us via email or phone. The personal data you transmit to us (e.g., first name, last name, email address, your message, and any attachments) will be stored by us. Data is not shared with third parties. Data is processed exclusively to handle your request. The legal basis for processing your transmitted data is Article 6 (1) (f) GDPR. It is in our legitimate interest to process your request, communicate with you, and provide an appropriate response to your request. Data is stored until it is no longer necessary for the purpose of the conversation with you and your contact request is fully resolved.
If your request is aimed at concluding a contract with us or occurs within an existing contractual relationship, the legal basis for the processing is Article 6 (1) (b) GDPR.
6. Recipients of Personal Data
Within our organization, only those persons who need your data to fulfill the above purposes have access to it. We also use service providers who process data on our behalf and are contractually bound accordingly.
7. Transfer to Third Countries
Personal data will only be transferred to countries outside the EU/EEA if this is necessary for the performance of the contract, legally required, or you have given your consent. In such cases, we ensure compliance with the legal requirements for such transfers.
8. Storage Duration
We store your personal data only for as long as necessary for the respective purpose or as long as statutory retention obligations exist.
9. Your Rights
You have the following rights under the GDPR, provided the legal requirements are met:
- Right of access
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object
- Right to revoke the declaration of consent
- Right to lodge a complaint with a supervisory authority
a. Right of Access
You have the right to request information about whether we process personal data concerning you. If that is the case, you have the right to information about this personal data and to the information listed in Article 15 GDPR, including the purposes of processing, the categories of personal data processed, the recipients or categories of recipients, the planned storage duration, and your rights.
b. Right to Rectification
You have the right to request the rectification or completion of the data we have stored about you if it is inaccurate or incomplete. We will make the rectification or completion promptly.
c. Right to Restriction of Processing
Under certain conditions, you have the right to request the restriction of the processing of your personal data by us. This is the case, for example, if you dispute the accuracy of the data; if you refuse deletion; in case of legal disputes; when checking an objection.
d. Right to Erasure
You have the right to request that we erase your personal data without undue delay if we are obliged to do so. This is particularly the case if your data is no longer necessary for the purposes; if consent has been withdrawn and there is no other legal basis; in case of unlawful data processing.
If we have made your personal data public and we are obliged to erase it under the above conditions, we will take reasonable measures, including technical measures, to inform other controllers processing your personal data that you have requested the erasure of all links to these personal data or of copies or replications of such personal data, unless this proves impossible or involves disproportionate effort.
However, your right to erasure does not apply if the processing is necessary, in particular:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation;
- for the assertion, exercise, or defense of legal claims.
e. Right to Information
If you have exercised your right to correction, erasure, or restriction of processing against us, we are obliged to inform all recipients to whom we have disclosed your personal data of the correction, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.
f. Right to Data Portability
Under certain conditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transmit this data to another controller.
g. Right to Object
If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for such purposes at any time. This also applies to profiling related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.
h. Right to Revoke the Declaration of Consent
According to Article 7 (3) GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not retroactively affect the lawfulness of the processing.
i. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. You can exercise this right, in particular, with the supervisory authority in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.
An overview of the respective national data protection authorities of the countries and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html.
10. Status of This Data Protection Information
Status: March 2026