Privacy policy

ئەم ماڵپەڕە تەنها بە زمانی ئینگلیزی وە ئەڵمانی هەیە.

(Information pursuant to Articles 13 and 14 of the General Data Protection Regulation - DSGVO)

The information relating to Article 13 and 14 of the General Data Protection Regulation (DS-GVO – Datenschutz-Grundverordnung) regarding the processing of data when making an appointment and receiving a vaccination against SARS-CoV-2 at the vaccination centres of the state of Baden-Württemberg can be downloaded here.

The Ministry of Social Affairs, Health and Integration Baden-Württemberg takes the protection of your personal data very seriously. For this reason, we have taken measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

The responsible party according to Article 13(1)(a) of the GDPR is the Ministry of Social Affairs, Health and Integration of Baden-Württemberg.

You can reach the responsible editor of the Ministry's website at:

Ministerium für Soziales, Gesundheit und Integration Baden-Württemberg
Else-Josenhans-Straße 6
70173 Stuttgart
internet@sm.bwl.de

The specific details of the persons responsible for the website can be found here: Legal notice.

You can reach the Data Protection Officer of the Ministry of Social Affairs and Integration at:

Ministerium für Soziales, Gesundheit und Integration Baden-Württemberg
Behördliche Datenschutzbeauftragte
Else-Josenhans-Straße 6
70173 Stuttgart
datenschutz@sm.bwl.de

1. Preface and selected terms

On the one hand, this privacy policy informs visitors and users of our website about the data processing operations that take place online and involve the processing of personal data. On the other hand, you will receive information about our processing operations that do not primarily take place online.

• GDPR is the abbreviation for the European General Data Protection Regulation.
• BDSG is the abbreviation for the Federal Data Protection Act in its current version.
• Personal data are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 para. 1 DSGVO). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
• The processing of personal data includes all operations, for example, the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 para. 2 GDPR).
• The data subject within the meaning of data protection law is any natural person from whom personal data are processed.
• Further definitions of terms can be taken from the General Data Protection Regulation, these can be found authoritatively in Art. 4 of the GDPR (Definitions).

2. Overview

The following contents provide you with a brief overview of the processing of personal data; more detailed information can be found in the respective passages presented in detail.

Security on our website (SSL Secure Socket Layer)

Our website is equipped with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message via a form. However, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.

Data you transmit to us

On this site, we process data that you enter yourself, for example in a form. In this case, the purpose of the processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by e-mail, for example, or contact us in some other way, we will process your data in accordance with the purpose of the contact.

Automatic server log files

On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves the defence against attacks, the analysis of access figures and the smooth operation.

Use of cookies

Cookies help us to provide various services, more information on this can be found in this privacy policy.

Analysis tools

In addition to the pure server log files, which also provide us with information about page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behaviour and, for example, the country from which access took place. In order for such services to function, cookies must be set on the page visitor or scripts must be executed.

Plugins und Content Delivery Networks

We sometimes use plugins and content delivery networks, well-known examples of such services being the video service Youtube or the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. This is usually your IP address and other metadata, such as the time and date of access. As a rule, this data is made available by setting cookies.

Other data recipients:

a) Use of processors

In accordance with the requirements of Art. 28 DSGVO, we use order processors, for example in the area of IT services, web hosting, e-mail hosting or printing services. These process personal data for us in accordance with instructions.

b) Use of non-specialist services

If it is necessary (for example, to execute a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax advisor or lawyer, for example.

c) Legal obligations

In addition, in certain cases we are obliged to make a report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to further legal obligations, such as trade laws or tax law, in this context we have to pass on certain data to tax authorities, for example.

d) Clarification of criminal offences

Insofar as it is necessary for the investigation of a criminal offence, we pass on data to the law enforcement authorities.

General information on deletion periods for personal data

We process the data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract; in addition, we are obliged to comply with statutory retention obligations. Relevant periods are usually §257 HGB and §158 AO with a retention period of up to ten years. In addition, the general limitation period according to §195 BGB (German Civil Code) is relevant in cases where we want to provide evidence in our legitimate interest that we have acted in a legally correct manner. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a non-EU country

If possible, we try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for commissioned processing pursuant to Art. 28 DSGVO, taking into account appropriate guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we point out the circumstance where appropriate.

Obligation to provide personal data

The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it will not be possible for us to conclude and fulfil a contract with you.

3. Legal basis for the processing of personal data

The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are illustrated in particular in Art. 6 DSGVO. The legal bases according to which we process personal data are described in the individual processing operations in this data protection declaration.

Consent given (Art. 6 para. 1 lit. a DSGVO)

Consent is one of these legal bases and requires that the consenting person gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 para. 1 lit a DSGVO can be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 para. 1 lit. b DSGVO)

The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 (1) lit. b DSGVO.

4. Your rights under the General Data Protection Regulation

Every natural person has certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.

Right to revoke consent given in accordance with Art. 7 DSGVO

You can revoke your consent at any time without giving reasons with effect for the future.

Right to information according to Art. 15 DSGVO (restrictions possible according to § 34 BDSG)

You have the right to request information about the data processed about you and the purposes of the processing at any time.

Right of rectification according to Art. 16 DSGVO

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 DSGVO (restrictions possible according to § 35 BDSG)

You have the right to request the deletion of the personal data we process about you at any time. Insofar as complete deletion is not possible, for example because we have to comply with legal retention obligations or we can assert legitimate interests for another reason, we will restrict your data until the

Right to restriction of processing according to Art. 18 DSGVO

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data happened / is happening unlawfully, you may request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
• If you have lodged an objection under Article 21(1) of the GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Right to data portability according to Art. 20 DSGVO

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right to object to certain processing operations and direct marketing under Article 21 GDPR.

If the data processing is based on Art. 6(1)(e) or (f) DSGVO, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21(1) DSGVO).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) DSGVO).

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 DGVO in conjunction with Section 19 BDSG.

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

5. External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We have contracted the following hoster:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Deutschland

Conclusion of a contract on commissioned processing.

To ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

6. Automatic Server Log Files

Our web server automatically logs all accesses and thus also IP addresses of visitors. This serves to defend against attacks, analyse access figures and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f DSGVO).

In addition to the IP address, the server log usually also records other metadata about the session, this data can be found below.

• The date and time of the request
• Information about the type of browser and the version browser used
• Information about the operating system used
• Device (client)
• Referrer URL (via which page you landed on our site)
• Hyperlinks accessed

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

7. Cookie policy

1. General information

When you visit our website, information is stored on your terminal device in the form of cookies. A cookie is a small data record in the form of a file in which data such as personal page settings and login information are stored. With the use of cookies, we make it easier for you to use our online offer through various service functions (such as recognition of previous visits) and can thus better tailor the internet offer to your needs.

In addition, with your consent, we use cookies from third-party providers for analysis purposes and the integration of third-party content, such as videos.

You can prevent cookies from being stored and delete existing cookies by making the appropriate settings in your browser. The help function of most browsers explains how you can make these settings. However, if you do not accept cookies, this may impair the service functions of the Internet offer.

For comprehensive information on how to do this on a variety of browsers, visit the following websites: youronlinechoices, Network Advertising Initiative and/or Digital Advertising Alliance. You will also find details on how to delete cookies from your computer and general information about cookies.

2. Explanations on the use of cookies

2.1 Cookie types according to runtime

Session cookies: Session cookies are deleted at the latest when you leave our website and close your browser.

Persistent cookies: These cookies remain stored even after you have left our website and closed your browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example, your login details may be stored so that you are automatically logged in when you return to our website. Other Persistent Cookies are used for analysis, tracking and marketing purposes.

2.2 Cookie types by origin.

We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed via a third-party provider. We use various third-party cookies for analysis, tracking and marketing purposes.

2.3 Cookie types by function.

Technically required or necessary cookies.

These cookies enable the operation of our website, without technically necessary cookies our site would not be usable or only usable in a very limited way. For example, such cookies are used when you log in to our site or place a product in the shopping basket. In some cases, necessary cookies are also used for security purposes.

Analysis or statistics cookies.

Analysis cookies collect information about the behaviour of page visitors, provide information about the length of stay and which information was called up. Furthermore, information is collected about which website page visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimise our website based on the information collected.

Cookies that are set as part of the integration of third-party content.

For example, if a video from the Youtube service is embedded on our site, this service may also place cookies. These cookies can have various functions, some of which are functional, analysis or tracking cookies.

3. Legal basis and instructions for setting your preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f DSGVO), we may only use other cookies with your consent (Art. 6 para. 1lit. a DSGVO). You can make your preferences regarding the selection of non-essential cookies at the beginning of your visit, furthermore you have the possibility to adjust your preferences at any time.

You can find the individual legal bases for the use of various tools that use cookies in the respective passages in our privacy policy. You can also find the legal bases in parallel in the Cookie Consent Manager.

4. Cookies overview

Below you will find an overview of which cookies we use.

Matomo
Provider: dranbleiben-bw.de
Purpose: Cookie from Matomo for website analytics. Used to store some details about the user, such as the unique visitor ID.
Cookie-Name: _pk_id
Cookie-Duration: 13 Months
Required cookie: yes

Matomo
Provider: dranbleiben-bw.de
Purpose: Cookie from Matomo for website analytics. Used to store the active visitor session.
Cookie-Name: _pk_ses
Cookie-Duration: 30 minutes
Required cookie: yes

8. Consent Management

We offer you the possibility to choose whether and which cookies and services you want to allow. For this purpose, we have implemented a so-called consent management, which is automatically displayed the first time you visit our website or after the expiry of the preference cookie. If you have confirmed your selection regarding cookies and services, a cookie will be stored in your browser to save your preferences.

Consent Management Settings

9. Data collection and data transmission initiated by the data subject

Communication by e-mail

If you send us an e-mail, we process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 para. 1 lit. b DSGVO and Art. 6 para. 1 lit. f. DSGVO. It is a legitimate interest to process your request quickly and efficiently.

Insofar as it is a product- or service-related message, we generally process your data on the basis of our legitimate interests according to Art. 6 para. 1 lit. f DSGVO.

Please note that we store all incoming e-mails for a period of ten years in accordance with the principles of proper accounting, starting on the first day of the following year in which the message was received. Therefore, to the extent that you request us to delete the data, we will henceforth restrict your data for processing and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax.

Even if you contact us by telephone or fax, we process your data either for the initiation and implementation of contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogously to contacting you by e-mail.

We do not record the content of conversations, but we may make notes for the purpose of processing your enquiry. We store these until the purpose of the data processing has been achieved and we no longer have a legitimate interest in processing them. If necessary, contents of the conversation will be stored anonymously for statistical purposes. Of course, you can request deletion at any time.

10. Analysis tools

Matomo

In order to design the website in line with requirements and to improve it on an ongoing basis, this online offering uses Matomo, an open-source software for the statistical evaluation of visitor access.

The information generated by the cookie about your use of this website is stored on our web server.

We use Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

Preventing the use of Matomo is possible by removing the following tick and thus activating the opt-out plugin:

The use of Matomo is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in analysing user behaviour in order to both optimise its web offering. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

The Matomo programme is an open source project. Information from the third-party provider on data protection is available at https://matomo.org/privacy/

11. Plugins and Content Delivery Networks

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. Furthermore, YouTube can save various cookies on your end device. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. The cookies remain on your terminal device until you delete them.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.

12. Our social media presence

Data processing by social networks.

We maintain publicly accessible profiles on social networks. Social networks such as Facebook, Twitter, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.

In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we are not able to track all processing on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet and to enable effective user information and communication with users. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).

Responsible person and assertion of rights.

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Duration of storage

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

We maintain profiles on the following social networks

Facebook

The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. We have entered into a data sharing responsibility agreement (Controller Addendum) with Facebook. This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

• You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads
• For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy
• Privacy policy specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data
• Facebook has certification under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Google / Youtube

Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

• You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated
• For details, please refer to Google's privacy policy: https://policies.google.com/privacy
• Google has certification under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

LEGAL NOTES

Copyright

© Ministerium für Soziales, Gesundheit und Integration Baden-Württemberg. All rights reserved. All images, graphics, texts, sound, video and animation files as well as CSS and programme files on this website are subject to copyright and other laws for the protection of intellectual property.

Reproduction, modification or use in other electronic or printed publications is not permitted without our express consent. Please contact us if you are interested.

Disclaimer

We assume no liability for the topicality, correctness, completeness or quality of the information provided. Liability claims against the Ministry of Social Affairs, Health and Integration Baden-Württemberg relating to material or non-material damage caused by the use or non-use of the information provided or by the use of incorrect or incomplete information are excluded, unless the Ministry of Social Affairs, Health and Integration Baden-Württemberg can be proven to have acted with intent or gross negligence.

Texts, images and graphics on this website are for descriptive and illustrative purposes. We can therefore accept no liability for any errors. However, we are grateful for any information. Please do not hesitate to contact us.

All offers are subject to change and non-binding. We expressly reserve the right to change, supplement or delete parts of the portal or the entire offer without separate announcement or to discontinue publication temporarily or permanently.

Objection to the disclosure of data

All persons listed on this website expressly object to any commercial use and disclosure of their data.

Links to other websites

We assume no responsibility for other websites that you can access via links on our portal - neither for the granting of data protection nor for their content.

If you discover faulty links, we would be grateful if you could send a short note to our web editors. In your e-mail, please add the link to the relevant page in our portal (copy the browser line at the top) and the relevant text passage. Thank you very much.