Privacy Policy
This platform is operated by BuildingBridges gGmbH. Within the scope of the projects offered here, BuildingBridges gGmbH acts as a processor on behalf of and according to the instructions of DontBePatient Intelligence GmbH, which is the controller responsible under data protection law.
In this Privacy Policy, we use, among others, the following terms:
a) personal data
Personal data means any information relating to an identified or identifiable natural person, hereinafter referred to as the “data subject”. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) processing
Processing means any operation or set of operations performed on personal data, with or without the aid of automated procedures, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
d) restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.
e) profiling
Profiling means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
g) controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or the law of the Member States.
h) processor
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) recipient
A recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation under Union law or the law of the Member States are not regarded as recipients.
j) third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
k) consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, in the form of a statement or another clear affirmative action, by which the data subject indicates that they agree to the processing of personal data relating to them.
We appreciate your interest. The protection of your personal data is an important concern for us.
1. Controller
The party responsible for data processing within the meaning of the General Data Protection Regulation (DSGVO/GDPR) is:
DontBePatient Intelligence GmbH
Ferdinandstr. 12
20095 Hamburg
Germany
Email: info@dontbepatient.com
Website: www.dontbepatient.com
2. Data Protection Officer
We have appointed a data protection officer for our company. You can contact them at:
Email: ds@dontbepatient.com or via the postal address of the controller with the addition “Data Protection Officer”.
3. Processor
The controller has commissioned BuildingBridges gGmbH with the technical implementation of the surveys, the hosting of the platform and the anonymised evaluation of the data:
BuildingBridges gGmbH
Ferdinandstr. 12
20095 Hamburg
Germany
Email: info@buildingbridges.social
There is a data processing agreement between DontBePatient Intelligence GmbH and BuildingBridges gGmbH pursuant to Art. 28 DSGVO/GDPR, which guarantees the protection of your data and compliance with the highest security standards.
4. Collection of data when visiting our website (log files)
When the website is used purely for informational purposes, BuildingBridges gGmbH collects, on behalf of the controller, only the data that your browser transmits to the server:
IP address, which is deleted immediately for anonymisation
Date and time of access
Browser type and version
Operating system used
Legal basis: Art. 6 para. 1 lit. f DSGVO/GDPR, legitimate interest in the technical stability and security of the website.
5. Cookies
The websites of BuildingBridges gGmbH use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
By using cookies, BuildingBridges gGmbH can provide users of the website with more user-friendly services that would not be possible without setting cookies.
By means of a cookie, the information and offers on our website can be optimised in the interest of the user. Cookies enable us to recognise users of our website again. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to enter their data again every time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system.
The data subject can prevent the setting of cookies by our website at any time by making the corresponding setting in the internet browser used, thereby permanently objecting to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable under certain circumstances.
6. Conducting online surveys
The core purpose of the platform is to gain insights through surveys.
a) Voluntary participation and consent
Participation is entirely voluntary. By starting the survey and submitting the answers, you consent to the processing of the data by the processor (BuildingBridges gGmbH) for the purpose of evaluation by the controller (DontBePatient Intelligence GmbH). If health data is requested, this is done on the basis of your explicit consent pursuant to Art. 9 para. 2 lit. a DSGVO/GDPR.
b) Purpose of processing and anonymisation
Our shared goal is generally anonymised processing.
No identifiers: No IP addresses, names or email addresses are stored in direct connection with your survey answers.
Technical separation: If you leave an email address for notifications, it will be stored by BuildingBridges gGmbH in a separate database that is technically strictly separated from the survey data.
Anonymisation: BuildingBridges gGmbH prepares the data in such a way that DontBePatient Intelligence GmbH cannot draw any conclusions about a specific person, thereby avoiding re-identification.
Legal basis: Art. 6 para. 1 lit. a DSGVO/GDPR, consent.
Exception: If we carry out projects whose aim is to qualify patients for clinical studies or other activities involving personal interaction, we will request the necessary contact data. In every case, explicit consent pursuant to Art. 9 para. 2 lit. a DSGVO/GDPR is obtained for this.
7. Storage period
Standard case, anonymous survey: Once the data has been fully anonymised, the anonymous data sets are stored permanently for statistical and research purposes. A personal reference can then no longer be established.
Exceptional case, with personal interaction: If contact data is collected for follow-up studies, it will be stored for the duration of the project and for an additional 5 years, provided that no statutory retention obligations prevent this.
8. Disclosure of data
BuildingBridges gGmbH discloses your personal data only to the controller (DontBePatient Intelligence GmbH) or, on the controller’s instructions, to third parties, provided that explicit consent has been given or a legal obligation exists. The results of the surveys are generally published only in aggregated, anonymised form.
9. Hosting
The website and survey tools are hosted by BuildingBridges gGmbH with specialised IT service providers in Germany/the EU, which are also subject to strict data protection requirements.
10. Your rights as a data subject
Since DontBePatient Intelligence GmbH is the responsible controller, you should primarily assert your rights there. You have the following rights:
Right of access, Art. 15 DSGVO/GDPR
Right to rectification, Art. 16 DSGVO/GDPR
Right to erasure, Art. 17 DSGVO/GDPR
Right to withdraw consent, Art. 7 para. 3 DSGVO/GDPR, with effect for the future.
Note on anonymisation: Once a survey has been completed and the data set has been fully anonymised, no data can be deleted and no information can be provided, because it is no longer technically possible to assign the data to your person.
11. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your data.