Privacy Policy

Data protection information on the processing of your data at EIT Health, Project HIPPS (mandatory information according to Art. 13 GDPR)

We at EIT Health, coordinators of the HIPSS project, take the protection of your personal data seriously and would like to inform you about data protection in our company at this point. This privacy policy explains the nature and manner of processing your personal data within our offered services as part of the EU funded project Health Innovation Procurement Support Services (“HIPPS”), project number 101158221.

A. General Information

I. Controllers

The joint data controllers pursuant to Art. 4 No. 7 GDPR for the data processing carried out in the context of your HIPPS application are:

EIT HEALTH EV, established in MIES-VAN-DER-ROHESTRASSE 1 C, MUNCHEN 80807, Germany

as well as

AGENCIA DE QUALITAT I AVALUACIO SANITARIES DE CATALUNYA, established in CALLE ROC BORONAT 81 95 2 PISO, BARCELONA 08005, Spain

UNIVERSITEIT HASSELT, established in MARTELARENLAAN 42, HASSELT 3500, Belgium

MEDICAL VALLEY EUROPAISCHE METROPOLREGION NURNBERG EV, established in HENKESTRASSE 91, ERLANGEN 91052, Germany

EL SITIO DE VALDELATARRA SL, established in MOSTENSES 11, 5º-12; 28015 MADRID, Spain

AVANIA BV, established in PROFESSOR BRONKHORSTLAAN 10 G 60, BILTHOVEN 3723 MB, Netherlands

EIT Health and the Consortia Members have concluded the necessary Joint Controller Agreement pursuant to Art. 26 GDPR.

Following this agreement, EIT Health has been appointed as the central point of contact.

As central point of contact you can reach the EIT Health Data Protection Officer per email to DataPrivacy@eithealth.eu at any time or per mail using the address above including “To the DPO”.

II. Personal Data Processed

Personal data refers to all data that can be related to you personally, such as your name, address, email address, organization, job title, country, experience level in innovation procurement, insights. If you provide us with personal data, we store and use your data in accordance with legal requirements, for instance, for the fulfillment of contracts, in accordance with the terms of application, or to respond to inquiries or pre-contractual measures.

If you visit us online or contact us electronically, we may process the IP address and other technical characteristics.

You can find more detailed information about individual data processing in the respective sections of this privacy policy.

III. Lawfulness of Data Processing

The processing of your data takes place only when there is a legal basis specified in Art. 6 Para. 1 GDPR, particularly:

• when your consent has been obtained according to Art. 6 Para. 1 lit. a GDPR,

• for the fulfillment of a contract or for the performance of pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR. This also applies to processing operations necessary for the performance of pre-contractual measures,

• to fulfill a legal obligation to which the controllers are subject according to Art. 6 Para. 1 lit. c GDPR,

• to safeguard a legitimate interest of the controllers or of a third party according to Art. 6 Para. 1 lit. f GDPR, provided that the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest. This may include:

o   to prevent misuse of services or the email address used

o   to maintain system stability and improve technical processes

o   to enhance and optimize our services

o   to report on the progress of the Project to the European Commission granting authority

o   as necessary for providing a functional website, as well as our content and services

o   unless you have objected to the use of your data, for marketing purposes of self-advertising as well as market and opinion research, to send you information about offers or promotions by letter or email within the legally permissible limits

o   to comply with issued advertising bans

o   to review and optimize procedures for needs analysis and direct customer approach

o   to assert legal claims and defense in legal disputes

o   to ensure the IT security and IT operations of our company

o   for reporting purposes

We will specify the applicable legal basis for each processing activity separately in this privacy policy. Processing may also be based on multiple legal grounds.

IV. Rights of Data Subjects

If personal data is processed, you as the data subject have the following rights:

• Right to access according to Art. 15 GDPR

• Right to rectification according to Art. 16 GDPR

• Right to erasure according to Art. 17 GDPR

• Right to restriction of processing according to Art. 18 GDPR

• Right to data portability according to Art. 20 GDPR

• Right to object to processing according to Art. 21 GDPR

Irrespective of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work or place of the alleged infringement, under Art. 77 GDPR, if you believe that the processing of personal data relating to you infringes the GDPR.

You can find the competent supervisory authority e.g. at: 
  https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht

Promenade 18

91522 Ansbach

Phone: 0981/180093-0

E-Mail: poststelle@lda.bayern.de

V. Data Transfer, Transmission to Other Countries

1. Transfer of Data to Processors and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant access to the data, this is done only on the basis of a legal permission, more specifically if:

• You have explicitly consented to this, Art. 6 Para 1 lit. a GDPR,

• The transmission is necessary for the performance of a contract or for the implementation of pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR,

• A legal obligation requires this according to Art. 6 Para. 1 lit. c GDPR,

• The transfer is necessary to safeguard our legitimate interests (e.g., when using agents, web hosts, etc.) and for the assertion, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data. If we engage third parties to process data on the basis of a so-called "data processing agreement," this is done according to Art. 28 GDPR.

a) Processor

We use Microsoft SharePoint and OneDrive for storing and processing the data. We have diligently chosen these processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the GDPR requirements and ensure the protection of the rights of the data subject.

We also made sure to choose server locations in the EU in order to prevent personal data from being transferred to third countries.

With these processors we have the necessary Data Processing Agreement in place.

b) Third Parties

We cooperate with the Consortia Members mentioned above and thus transfer your data to them. We have duly agreed the respective Joint Controllership Agreement with the Consortia Members.

2. Transfers to Third Countries

Information that allows direct identification of you (e.g., name, address, etc.) is only transferred to third countries (countries outside the European Economic Area, EEA) when it is necessary for the execution of your request or the contractual relationship, legally required, or you have given us your consent or instructed us to do so.

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) legally, or if this is done in the context of using third-party services or the disclosure or transmission of data to third parties, this is only done if the special requirements of Art. 44 et seq. GDPR are met. Processing is carried out in particular on the basis of special guarantees, such as the officially recognized determination of an EU equivalent level of data protection or the conclusion of EU standard contractual clauses.

In the context of using tracking tools on our website, there is a possibility that the personal data collected may be transmitted to and processed in countries outside the EEA. Please refer to the information about cookies and other tracking technologies in the consent tool and this privacy policy. An adequate level of protection during data transmission is ensured by the conclusion of the EU Standard Contractual Clauses (available at https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1487055654356&uri=CELEX:32010D0087). We strive for further guarantees from the respective provider.

VI. Right to Revoke and Right to Object

1. Objection to the Processing of Your Data

You have the right to object at any time to the processing of personal data concerning you, which is based on Art. 6 Para. 1 lit. e or f GDPR, for reasons arising from your particular situation, according to Art. 21 GDPR. This is the case particularly if the processing is not necessary for the fulfilment of a contract with you. When exercising your right to object, we ask you to explain the reasons why your personal data should not be processed as we have done. In the case of a justified objection, we will cease or adjust the processing of data or demonstrate compelling legitimate grounds for continuing the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

2. Right to Revoke Your Consent Under Data Protection Law

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3. You can inform us about your objection or withdrawal using the contact details mentioned above.

VII. Deletion of Data and Duration of Storage

Unless expressly stated otherwise in this privacy policy, the data stored with us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations, e.g., data that must be retained for commercial or tax reasons. According to legal requirements in Germany, retention for commercial and tax law purposes may be necessary for up to 10 years.

VIII. No Automated Decision-Making, Including Profiling

We do not intend to use the personal data collected from you for any automated decision-making process (including profiling).

IX. Security Measures

In accordance with Art. 32 GDPR, considering the state of technology, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures particularly include securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input, transfer, ensuring availability, and its separation. Furthermore, we have procedures in place to ensure the exercise of data subjects' rights, deletion of data, and responses to data compromise. Additionally, we consider the protection of personal data already at the design stage of hardware, software, and procedures, according to the principle of privacy by design and by default settings (Art. 25 GDPR). Security measures particularly include the encrypted transmission of data between your browser and our server. 

X. SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change of the browser's address line from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

B. INDIVIDUAL DATA PROCESSING

 I. Contacting Us

When you actively contact us via email, application form, or phone call, interviews, workshops and event participations, the personal data you provide are collected and processed to handle your query. This particularly includes your name and contact details (email address, address, mobile number), and other information transmitted by you (e.g. comments, reviews, professional occupation). When using our application form, the data transmitted through it are processed (e.g., name, email address, telephone number, geo location and the time of transmission).

The legal basis for the collection, processing, and transmission of data is your given consent according to Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future using the contact details listed above or under pau.esteve@eithealth.eu. If your contact aims at concluding or performing a contract, then the legal basis is Art. 6 Para. 1 lit. b GDPR. Email inquiries and other contacts are deleted within a reasonable period, within which a contract conclusion or the like is no longer expected.

II. Contractual Relationship

In the context of inquiries and consultation regarding your HIPPS Application, we process personal data that you have transmitted to us or that we have legitimately obtained from third parties (e.g. partners, proposer)

This specifically includes:

• Username (first and last name)

• User Contact information

• Organization

• Job Title

• Experience Level in innovation procurement

• Insights

We transfer your data to third parties, i.e. during the matchmaking process we transfer your data amongst experts and between experts and service users that match with the needs you have described in the application form.

The legal basis for this is Art. 6 Para. 1 lit. b GDPR. We process and store your data for the duration of the contractual relationship, taking into account legal retention obligations.

We also transfer your data to the European Commission as granting authority, for reporting purposes. The European Commission might use your personal information to contact you to evaluate the services that have been provided under the HIPPS project.

Furthermore, we use your data for the purpose of conducting evaluations and analysis of our services. These are used exclusively for internal purposes of assessment, planning the alignment, and optimization of our services. Data is not transferred to third parties. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in optimizing and making our services user-friendly through needs analysis, testing, and improvement of our procedures in consulting, planning, and execution of our offers.

III. Advertising Measures

We contact you within the legally permissible framework using consent-free advertising measures, such as customer satisfaction surveys. For this purpose, we process your name and address and, if applicable (for customers), your email address. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in improving and optimizing our services and its marketing, for the purposes of self-advertising (possibly for partners) and market and opinion research, to provide you with information about offers or promotions within legally permissible limits, and in reviewing and optimizing procedures for needs analysis and direct customer approach. Advertising that goes beyond the legally permissible framework will only occur with your prior consent. You have the right at any time to object to the further promotional use of your personal data through our contact addresses listed above. To avoid sending further advertisements, we may then include your data in a suppression file.

C. Information on Data Processing During Website Visit

I. Collection of Personal Data During Informational Use of Our Website (Log Files)

When you use our website for informational purposes only, i.e., if you do not log in, register, or provide us with additional information as part of using a service offered, our system automatically collects data and information transmitted by your browser to enable your visit to the website. This data is also stored in the log files of our system. No linkage with other visitor data occurs. The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in providing the core functionalities of the website, which are essential for a qualitative, safe, and stable operation of the website. The following data is collected:

• Information about the browser type and version used;

• The user's operating system;

• The user's Internet service provider;

• The user’s IP address;

• Date and time of access;

• Websites from which the user's system reaches our website;

• Websites accessed by the user's system through our website. In the context of using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use.

The collection of log data to provide the website, including its storage in log files, is essential for the operation of the website. Therefore, as a rule, there is no possibility for the user to object. Exceptions apply for log data processed beyond mere informational use in the context of various services offered on our website. More detailed information about this can be found in the notes on the individual services in this privacy statement.

This website is hosted by an external service provider (host). The personal data collected on this website are stored on the host's servers. This may involve, among others, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The hosting services we use from our third-party provider are for the provision of infrastructure and platform services, computing capacity, storage space, and database services, security services, and technical maintenance services that we use for the operation of this website. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the functional and secure provision of this website. The use of the host is also for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR).

We use the following host: Google.

To ensure data protection-compliant processing, we have entered into a data processing agreement with our host.

II. Use of Our Websites with Transmission of Information or Email Contact

In addition to the informational use of our websites as described above, we offer various services that you can use if interested. For example, we provide a contact form on our website that can be used for electronic contact or instructions. When a user avails themselves of this option, the data entered in the input mask are transmitted to us and stored, along with the date/time, the IP address, and information about the browser and operating system used. Typically, personal data such as salutation, first and last name, email address, address data (street, house number, postal code, and city), mobile or telephone number are required, which we use to provide the respective service. Optional information is marked accordingly.

III. Newsletter

1. Newsletter Subscription

You have the option to subscribe to the newsletter offered on our website.

If you wish to receive the newsletter, we require your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. For this purpose, we use the so-called double opt-in procedure: After signing up, you will receive an email at the address you provided, asking you to confirm your subscription.

Upon confirmation, the following information will be stored:

1. • Username (first and last name)

   • Email address

   • Organization

   • Job Title

   • Country

   • Experience Level in innovation procurement

The processing of data entered into the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to store the data, email address, and their use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The legality of data processing operations already carried out remains unaffected by the revocation.

The data you provide for receiving the newsletter will be stored until you unsubscribe and deleted after your unsubscription. Data stored for other purposes remain unaffected.

2. MailChimp

The newsletter is distributed using the service provider MailChimp, operated by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service used for organizing and analyzing newsletter distribution. When you provide data for newsletter subscription (e.g., email address), it is stored on MailChimp servers in the USA.

To ensure secure data transfer, we have entered into the EU Standard Contractual Clauses with MailChimp. Additionally, we have signed a “Data Processing Agreement” with MailChimp, which obligates MailChimp to protect our customers’ data and prohibits sharing it with third parties.

3. Statistical Analysis of Newsletter Campaigns

MailChimp allows us to analyze our newsletter campaigns. When you open an email sent via MailChimp, a file included in the email (a so-called web beacon) connects to MailChimp servers in the USA. This determines whether a newsletter was opened and which links were clicked. Technical information such as time of retrieval, IP address, browser type, and operating system is also collected.

These data cannot be linked to specific newsletter recipients and are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses may help us tailor future newsletters to better match the interests of recipients.

If you do not wish for MailChimp to analyze your behavior, you must unsubscribe from the newsletter. A link to unsubscribe is provided in every newsletter, and you can also unsubscribe directly on the website.

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. The legality of any data processing carried out before your revocation remains unaffected.

The data you provide for receiving the newsletter will be stored until you unsubscribe and deleted from both our servers and MailChimp’s servers after cancellation. Data stored for other purposes remain unaffected.

For more information about MailChimp, visit: https://mailchimp.com/de/gdpr/.

IV. LinkedIn Insight Tag (LinkedIn Pixel)

This website uses the LinkedIn Insight Tag. The service provider responsible for the EU is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

By integrating the LinkedIn Insight Tag, we can display interest-based and relevant advertisements ("Ads") to you as a user of our website when visiting the LinkedIn social network or other websites that also use this procedure. We also receive statistics about website visitors and demographics. Furthermore, we can analyze your interaction with our LinkedIn advertisements and interest in our offerings using a conversion measurement feature, and display LinkedIn ads via retargeting on other websites.

Our objective is to improve the effectiveness of LinkedIn advertisements and make our website more engaging for you.

The legal basis is your consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect.

1 Data Processing Activities:

Using the LinkedIn Insight Tag, we receive information about visitors to our website. If a visitor is registered with LinkedIn, we can analyze professional information (e.g., career level, company size, country, location, industry, and job title) to better tailor our website to specific target groups. Additionally, we can measure whether visitors perform actions such as making a purchase (conversion measurement), including cross-device tracking (e.g., from PC to tablet).

LinkedIn Insight Tag also provides a retargeting feature, allowing us to display targeted ads to website visitors outside of our website. According to LinkedIn, no direct identification of ad recipients occurs.

As the website operator, we cannot associate the data collected by LinkedIn with specific individuals. LinkedIn itself collects log files (URL, referrer URL, IP address, device and browser properties, and access time). IP addresses are truncated or, if used for cross-device tracking of LinkedIn members, hashed (pseudonymized). LinkedIn deletes direct identifiers of its members within seven days, and the remaining pseudonymized data is deleted within 180 days. We do not have access to the personal data processed by LinkedIn but receive anonymized statistics instead.

We have entered into a data processing agreement with LinkedIn. For details, visit https://www.linkedin.com/legal/l/dpa.

2 Connection with LinkedIn Servers:

By integrating the LinkedIn Insight Tag, your browser automatically establishes a direct connection with LinkedIn's server when visiting either LinkedIn's website or other websites using the LinkedIn Insight Tag.

We have no influence over the extent and type of data usage by LinkedIn and inform you to the best of our knowledge: By integrating the LinkedIn Insight Tag, LinkedIn receives information that you have visited the corresponding webpage of our website or clicked on one of our advertisements. If you are registered with LinkedIn, LinkedIn may associate your visit with your account. Even if you are not registered or logged in, LinkedIn may collect your IP address, time window, and other identifying information and link it with actions you perform (see above).

LinkedIn stores the personal data of website visitors on its servers in the USA and uses it for its own advertising purposes. Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. For more details, refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

3 Legal Basis and Opt-Out Options:

The legal basis for processing your data is Art. 6(1)(a) GDPR, meaning that the integration occurs only with your consent. You can withdraw your consent at any time through our consent tool.

Additionally, you can deactivate the LinkedIn Insight Tag and object to further advertising in the ad settings at https://www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. More settings and information are available in the LinkedIn Privacy Center at https://privacy.linkedin.com/de-de?lr=1.

Additionally, LinkedIn members can manage the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, log out of your LinkedIn account before visiting our website.

V. Social Media

1. Social Media Plug-ins in Use

We currently use the following social media plug-ins: LinkedIn. We employ the "two-click solution," meaning that when you visit our site, no personal data is initially shared with the providers of these plug-ins. You can identify the plug-in provider by the marking on the button, which shows either the provider's initial or logo. You can interact with the plug-in provider by clicking on the button.

Only when you click on the marked button to activate it,  the plug-in provider will receive information that you have accessed the corresponding page on our website. At that point, the data mentioned in Section B - I of this statement will also be transmitted. According to Facebook and Xing, in Germany, IP addresses are anonymized immediately upon collection. By activating the plug-in, your personal data will be transmitted to and stored by the respective plug-in provider (for U.S.-based providers, this occurs in the U.S.). Since plug-in providers typically collect data through cookies, we recommend deleting all cookies via your browser's security settings before clicking on a deactivated plug-in button.

2. Limited Control Over Data

We have no influence over the data collected or the data processing activities carried out by the plug-in provider. We also do not have full knowledge of the extent of data collection, the purposes of processing, or the retention periods. Likewise, we have no information about the deletion of the collected data by the plug-in provider.

3. Data Usage by Plug-in Providers

The plug-in provider stores the data collected about you as user profiles and uses it for purposes such as advertising, market research, and/or optimizing its website for user needs. These evaluations are conducted, including for users who are not logged in, to display targeted advertising and inform other social network users of your activities on our website.

You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider.

Through these plug-ins, we enable interaction with social networks and other users to improve our offerings and make our services more engaging for users. The legal basis for using these plug-ins is Article 6(1)(f) of the GDPR.

4. Data Sharing

Data transmission occurs regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in to the plug-in provider's service, the data collected on our site will be directly associated with your account. If you activate the button, for instance, to share a page, this information will also be stored in your user account and shared publicly with your contacts.

We recommend logging out of your social network account after using it, particularly before activating the plug-in button, to avoid linking your activity to your profile.

5. Further Information

For more information on the purpose and scope of data collection and processing by the plug-in providers, please refer to the privacy policies listed below. There, you will also find details about your rights and settings to protect your privacy.

6. Plug-in Providers and Privacy Policies

Below are the addresses and links to the privacy policies of the respective plug-in providers:

• LinkedIn Ireland Unlimited Company      
  Wilton Place, Dublin 2, Ireland       
  Privacy Policy

• Google Ireland Limited     
  Gordon House, Barrow Street, Dublin 4, Ireland   
  Privacy Policy

VI. Cookies

The website uses so-called "cookies". Cookies are small text files that are stored and assigned on your hard drive by the browser you use and through which the entity that sets the cookie receives certain information. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit within an online offering, making the internet offering more user-friendly and effective overall.

The following categories of cookies exist:

a) Temporary Cookies

b) Permanent Cookies

c) Third-Party Cookies

Ad a) Temporary cookies, also known as "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online service and closes their browser. For example, the content of a shopping cart in an online store or a login status can be stored in such a cookie.

Ad b) Permanent or "persistent" cookies are cookies that remain stored even after closing the browser. For example, the login status can be saved if users revisit the site after several days. Additionally, such a cookie can store the interests of users, which can be used for reach measurement or marketing purposes.

Ad c) "Third-party cookies" are cookies provided by parties other than the operator of the online service (otherwise, if only their cookies are used, they are referred to as "first-party cookies").

On our website we use the following cookies:

-          Strictly Necessary and Security Cookies: These cookies ensure secure communication and authentication on our site.

-          Functional Cookies: Cookies that enhance your user experience by storing settings or preferences.

-          Analytical and Performance Cookies: These track user behaviour for analytics and improve service quality.

-          Advertising and Targeting Cookies: Used for personalized advertising and managing ad performance.

Some functions of our website cannot be provided without the use of cookies. Cookies cannot execute programs or transmit viruses.

When you visit our website, necessary temporary cookies (so-called session cookies) are used for technical service provision. They contain a so-called session ID, which is an identification code unique to each device for the respective session. These help to differentiate the various devices accessing the website. This identification code is read during the session to distinguish the devices. These session cookies expire at the end of the session, meaning they are automatically deleted from your device as soon as you close your internet browser.

Our websites use such cookies:

• AEC: Prevents malicious activity and ensures security during user navigation on Google services.

• APISID / SAPISID: Used for managing preferences and ensuring secure browsing for signed-in users on Google services.

• HSID: Ensures user security by encrypting and authenticating session data.

• SID / SIDCC: Critical for maintaining user session integrity and security.

• __Secure- Cookies*: Multiple cookies (e.g., __Secure-1PAPISID, __Secure-1PSID) used for authentication, fraud prevention, and enforcing security policies across Google services.

• NID: Stores user preferences like language or region for better personalization.

• SEARCH_SAMESITE: Ensures same-site requests are handled securely to mitigate cross-site request forgery.

• SITES_NON_ESSENTIAL_COOKIES_CONSENT: Records whether the user has consented to non-essential cookies.

• OGP / OGPC: Track user preferences and activities, often used for embedding Google Maps.

• SOCS: Manages cookie consent settings for Google services.

• SSID: Tracks user session details for personalization and targeting.

• __Secure-3P Cookies (e.g., __Secure-3PAPISID, __Secure-3PSID): Help with ad delivery, retargeting, and personalized advertising.

VII. Google Analytics

If you have provided your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The service provider responsible in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

1. Scope of Processing

Google Analytics uses cookies to analyze how you use our website. Information collected by the cookies about your use of this website is generally transferred to a Google server in the United States and stored there.

We use the "anonymizeIP" function (IP masking): By activating IP anonymization on this website, Google truncates your IP address within member states of the European Union or other contracting states of the European Economic Area agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser in connection with Google Analytics is not combined with other data from Google.

During your website visit, the following data is collected:

• Number of users

• The pages you visit and your "click path."

• Achievement of "website goals" (conversions, e.g., newsletter sign-ups, downloads, purchases).

• Your user behavior (e.g., clicks, time spent on pages, bounce rates).

• Your approximate location (region).

• Your IP address (in truncated form).

• Technical information about your browser and devices (e.g., language settings, screen resolution).

• Your internet service provider.

• The referrer URL (the website or advertisement through which you reached this website).

2. Purposes of Processing

On behalf of the operator of this website, Google will use this information to analyze your (pseudonymous [NOT APPLICABLE WHEN USING USER-ID]) use of the website, compile reports on website activities, and provide other services related to website and internet usage. Reports provided by Google Analytics help analyze the performance of our website [Optional] and the success of our marketing campaigns.

3. Recipients

The recipient of the data is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
acting as a data processor. We have entered into a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and potentially U.S. authorities may have access to the data stored by Google.

4. Data Transfers to Third Countries

A transfer of data to the USA cannot be ruled out.

5. Retention Period

The data sent by us and linked to cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

6. Preventing Data Collection

You can prevent the collection of data generated by cookies and related to your website usage (including your IP address) by Google, as well as the processing of this data by Google, by:

1. Not providing consent for cookie use, or

2. Downloading and installing the browser add-on to disable Google Analytics [HERE].

You can also prevent cookies from being stored by adjusting your browser settings. However, if you configure your browser to reject all cookies, some functionalities of this website and others may be limited.

7. Legal Basis and Right to Withdraw Consent

The legal basis for this data processing is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time with future effect by accessing the cookie settings [INSERT LINK TO CONSENT TOOL SETTINGS] and updating your preferences.

For more information about Google Analytics terms of use and Google's privacy practices, please visit:
Google Analytics Terms of Service and Google Privacy Policy.

We will be happy to answer any further questions you may have per email to DataPrivacy@eithealth.eu.