Legal & Impress

Terms of Use — Privacy Agreement — License agreement — Impress

Version of 2024-08-29

The following terms were translated from the German version. The German version is binding, and the translation is only offered for your convenience.

Terms of Use

The use of our services is at your own risk. We do not guarantee continuous operation of the services. We will communicate any foreseeable outages through the communication channels of the Medical Informatics Initiative.

The use of our terminology servers for integration into production processes (e.g., ETL processes) requires our explicit consent. We reserve the right to temporarily block your access if we determine that you are causing an excessive load (rate limiting). Requesting resources within a browser does not require our permission. If you occasionally request resources programatically, please notify us about your use of our server.

Access to our terminology servers is only possible within Germany in accordance with the license terms provided by our software manufacturer. To ensure this technically, the use of a suitable certificate is necessary (see [FAQ]). You are responsible for applying for the certificate yourself. In justified exceptional cases, you can request a suitable certificate from us.

With each access to our terminology server, we verify the validity of your certificate and require that the certificate was issued for an entity in Germany.

Before accessing our services, you are required to sign a use agreement. See here for more information.


Privacy Agreement

In the following, we would like to inform you about how we process your data.

Responsible with respect to the terms of the GDPR is:

  • Universität zu LĂĽbeck
  • Service Unit Terminologische Dienste c/o Sektion fĂĽr Klinische Forschungs-IT
  • Ratzeburger Allee 160
  • Tel.: +49 451 3101 5646
  • E-Mail: [email protected]

The data protection officer for the University of Luebeck is available at:

  • x-tention Informationstechnologie GmbH
  • Margot-Becke-Ring 37
  • 69124 Heidelberg
  • Tel.: +49 451 3101 1903
  • E-Mail: [email protected]

If you contact us by email, the data you provide will be stored by us to process your request. We will delete this data as soon as it is no longer necessary to store it, or we will restrict its processing if there are any legal retention requirements.

Your rights as data subject

As the data subject, you have the right to access, correct, or delete your personal data. You also have the right to restrict processing and to object to the processing of your data. If you have given us your consent, you can revoke it at any time with effect for the future.

Please send your objection informally to the contact address above.

Furthermore, you have the right to data portability. You also have the right to lodge a complaint with a supervisory authority. A list of the competent authorities can be found here.

Log files and data processing

When you use our terminology servers, log files are automatically generated. These log files contain technical information such as your IP address, the certificate you present (Distinguished Name), the requests you make, and any error messages.

Purpose of processing

  • Troubleshooting: Log data helps us identify and resolve technical issues to ensure the smooth operation of our services.
  • System analysis: By analyzing log data, we can evaluate the usage of our servers and optimize our services.

Legal basis

The processing of your data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), as data processing is necessary for the provision and improvement of our services.

Storage duration

Log files are generally stored for a maximum of two weeks. After this period, they are automatically deleted.

Anonymized usage data

We also extract anonymized usage data from the log files to analyze, for example, the frequency of specific requests or the utilization of our servers. This anonymized data is not personal data and is therefore not subject to the GDPR. It is stored for long-term analysis and improvement of our services. We will not correlate requests in time, i.e. we will, for example, never correlate $expand requests with subsequent $lookup requests, which would allow us to track the selection of codes in user interfaces.

Hosting

For hosting our website, we use GitLab Pages. The website itself is static, meaning that no data from you is processed by us. Through hosting on GitLab Pages, GitLab can perform logging, but we do not have access to this data. Please refer to GitLab’s privacy policy for more information.

Our terminology servers are hosted as follows:

  • ontoserver.mii-termserv.de on the infrastructure of the University of Cologne and University Hospital of Cologne
  • ontoserver-ballot.mii-termserv.de, public-test.mii-termserv.de, auth.mii-termserv.de und s.mii-termserv.de on a virtual server at Hetzner GmbH
  • terminology-highmed.medic.medfak.uni-koeln.de on the infrastructure of the University of Cologne and University Hospital of Cologne

In all cases, log files are created that contain technical information such as your IP address, the certificate you presented (Distinguished Name), the requests you made, and any error messages. However, as described in the section Log files and data processing, no personal data is processed.

Cloudflare

We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to enhance the security and delivery speed of our website. This is in our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of globally distributed servers that can deliver optimized content to website users. For this purpose, personal data may be processed in Cloudflare’s server log files. Please refer to the “Hosting” section for more details.

Cloudflare is the recipient of your personal data and acts as a data processor on our behalf. This is in our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR, as we do not operate our own content delivery network.

You have the right to object to the processing. Whether the objection is successful will be determined on a case-by-case basis.

The processing of the data specified in this section is neither legally nor contractually required. The functionality of the website is not guaranteed without this processing.

Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described.

For more information on your right to object and erasure options regarding Cloudflare, please refer to: [Cloudflare DPA]

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf.

We use the Cloudflare CDN for the following domains:

  • mii-termserv.de
  • www.mii-termserv.de

We do not use the Cloudflare CDN for the following domains, so Cloudflare cannot create granular log files for them:

  • ontoserver.mii-termserv.de
  • *.ontoserver.mii-termserv.de
  • ontoserver-ballot.mii-termserv.de
  • *.ontoserver-ballot.mii-termserv.de
  • and any other subdomains not listed here

We use the software Shlink to share short links. For example, the link s.mii-termserv.de/test can be used to shorten a longer URL. The software is hosted on a virtual server at Hetzner GmbH. Shlink is configured so that no personal data is collected, only the number of clicks for each link is surfaced to us.

Note about Cookies

We do not use cookies on our website https://mii-termserv.de. Scripts are only used for convenience features. We also offer other services under our domain that use cookies and more extensive JavaScript functions.


License agreement

We have thoroughly examined all resources we provide to ensure compliance with their respective licensing terms.

If you are the copyright holder of a resource and disagree with its publication, please contact us via e-mail. We will then remove the resource or find a license-compliant solution with you.

Please note that when using our services, you must comply with the license terms of the respective copyright holders. To facilitate orientation, we have marked the resources with references to our license page where we provide a brief summary of the most important license terms. However, the complete license terms of the copyright holders always apply.


Impress

Herausgeber

  • Universität zu LĂĽbeck
  • Ratzeburger Allee 160
  • 23538 LĂĽbeck
  • Telefon: +49 451 3101-0

Vertreten durch

  • Die Universität zu LĂĽbeck ist eine Stiftung des öffentlichen Rechts. Sie wird durch die Präsidentin Prof. Dr. Gabriele Gillessen-Kaesbach vertreten.

Verantwortliche Person innerhalb des Projektes

  • Dr. Ann-Kristin Kock-Schoppenhauer
  • Sektion fĂĽr Klinische Forschungs-IT, Institut fĂĽr Biometrie und Statistik
  • Universität zu LĂĽbeck & Universitätsklinikum Schleswig-Holstein
  • Ratzeburger Allee 160
  • 23538 LĂĽbeck

Kontakt

  • Telefon: 0451-500 52701
  • Telefax: 0451-500 40104
  • E-Mail

Postadresse

  • Universität zu LĂĽbeck
  • Arbeitsgruppe "SU-TermServ" c/o Sektion fĂĽr Klinische Forschungs-IT
  • Haus 32
  • Ratzeburger Allee 160
  • 23562 LĂĽbeck

Umsatzsteuer-ID

  • Umsatzsteuer-Identifikationsnummer gemäß § 27 a Umsatzsteuergesetz:
  • DE 202095138

Förderkennzeichen

  • LĂĽbeck: 01ZZ2312A
  • Köln: 01ZZ2312B
  • Hannover: 01ZZ2312C

Redaktionell verantwortlich

  • Arbeitsgruppen SU-TermServ an den Standorten Hannover, Köln und LĂĽbeck
  • Gestaltung und technische DurchfĂĽhrung: Arbeitsgruppe SU-TermServ in LĂĽbeck, verantwortlich durch Joshua Wiedekopf. E-Mail [email protected]