I. Data protection information according to Art. 13 and 21 GDPR for the website of the Nephrological Research Laboratory, Clinic II for Internal Medicine

1. General

We, the Nephrological Research Laboratory, Clinic II for Internal Medicine, take the protection of your personal data and the legal obligations that serve to ensure this protection very seriously. The legal provisions require comprehensive transparency in all issues regarding the processing of personal data. Only when the processing is traceable for you as the person concerned (data subject), you can be deemed to be sufficiently informed about the intention, purpose and scope of the processing. That is why our Privacy Policy explains to you in detail which so-called personal data we process when you use the websites,,,, and or any other Internet pages that refer to it (see definitions below 2.).

Controller” in terms of the General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz – German Federal Data Protection Act (BDSG) and other data protection regulations is:

Nephrological Research Laboratory, Clinic II for Internal Medicine

Joseph-Stelzmann-Str. 26, 50931 Köln (for and deviating: Kerpener Str. 62, 50937 Köln).

Tel: +49 (0)221/ 478 – 89030 (;;; / +49 (0)221-478/ 3439 ( / +49 (0)221-478/ 30627 (

Mail: (for all websites)

Webites:,,,, und

referred to hereinafter as „controller“ or „we“.

The responsible data protection officer is:

Prof. Dr. med. Bernhard Schermer

Joseph-Stelzmann-Str. 26, 50931 Köln (für and deviated: Kerpener Str. 62, 50937 Köln)

Telefonnummer +49-221-478/ 89030


Websites:,,,, and

Please be aware that you may be redirected to other Internet pages via links on our website which other pages are not operated by us but by third parties. We either clearly mark such links or you can recognise them by the change of the address line of your browser. We are not responsible for compliance with the applicable data protection regulations and secure handling of your personal data by third parties operating such other Internet pages.

2. Definitions

2.1. According to the GDPR

This Privacy Policy uses the terms used in the wording of the GPPR. The definitions (Art. 4 GDPR) are available for instance at einsehen.

2.2. Cookies

Cookies are text files which a website places on your terminal or which are read out there. They contain letters and combinations of numbers to enable, for instance when a connection is again established with the website that places the cookies, the recognition of the user and his settings, to enable you to stay logged in to a customer account or to conduct statistical analyses of a certain user behaviour.

3. General information about data processing

We only process personal data to the extent this is permitted by law. Disclosure or transfer to third parties takes place only in the cases described below (see sec. 4 below).

The personal data is deleted or protected by technical and organisational measures (e.g. pseudonymisation, encryption) as soon as the data processing purpose ceases to exist. This is also the case as soon as a prescribed storage period expires unless continued storage of the personal data is necessary for the purpose of conclusion or performance of a contract.

Unless we are obliged by law to ensure extended storage or disclose or transfer personal data to third parties (including but not limited to criminal prosecution authorities), the decision which personal data is collected by us, how long it is stored and to which extent you may be required to disclose your data depends on which functions and features of the website you use from time to time.

4. Data processing in connection with the use of the website

Using the website and its functions and features, as a rule, requires the processing of certain personal data.

4.1. Use of the website for information purposes

When you access our websites and use them for mere information purposes, e.g. without using additional functions or features such as contact forms or social media plugins, we automatically collect personal data. We thereby collect the following information: Name and URL of the retrieved file, date and time of the retrieval, transferred data volume, notification of a successful retrieval, browser type and browser version, operating system, referrer URL and the IP address. This information is transferred by your browser unless you have configured it such that the information transfer is prevented.

The personal data is processed for purposes of functionality and optimisation of the website and to ensure the security of our information technology systems. This is at the same time our legitimate interest which renders the processing permissible according to Art. 6 subs. 1 f) GDPR. /p>

The personal data is stored during a period of 4 weeks. We do not combine the personal data with other data sources. The data is only disclosed or transferred to third parties if and to the extent this is necessary for operating our website. For such purpose, the personal data is transferred to the cekom GmbH and to the Hoster (Fa. Hetzer). It is not intended to transfer personal data to a third country or an international organisation.

4.2. Google Web Fonts

When you access our websites, so-called Web Fonts are downloaded to ensure uniform display of various fonts (with the exception of the website These contents are made available by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When you access our website, your browser loads the required web fonts to your browser cache to correctly display texts and fonts. For such purpose, the browser you use establishes a connection to the Google servers. Google thereby becomes aware that our website was accessed from your IP address.

We use Google Web Fonts to ensure uniform and appealing presentation of our website. This is at the same time a legitimate interest in terms of Art. 6 subs. 1 f) GDPR. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).

We collect your IP address to enable data transfer to Google. If your browser does not support Web Fonts or you deactivate this function, the data will not be transferred.

Further information on Google Web Fonts is available at The Google Privacy Policy is available at

4.3. Features: Contact form / Email contact

When you use the contact form available on our websites,, oder or write us an email, we will process the personal data you have provided thereby. This information is transmitted by your browser or email client and stored in our information technology systems. The processing of this personal data is necessary to answer your request. In addition, your IP address as well as the data and time of your request will be stored if you write us an email.

Data processing serves to answer your request. If you send us your application documents by e-mail (in relation to the section "Jobs" on the page, your personal data stated there will also be stored by us.

These processing activities are lawful because answering your request is a legitimate interest in terms of Art. 6 subs. 1 f) GDPR. The processing of your personal data in relation to the application procedure is justified in accordance with Art. 88 subs. 1 GDPR in conjunction with § 26 BDSG.

The personal data is stored as long as this is required for answering your request. If your request should bring about subsequent contract conclusion, the data is stored as long as this is required for taking steps prior to entering into a contract or for the performance of the contract. Thereafter, the personal data is deleted routinely every 3 months. We do not combine this personal data with other data sources. The data is not disclosed or transferred to third parties. It is not intended to transfer the data to a third country or an international organisation. You are not obliged to provide this personal data; however, if you do not provide this data, you cannot use the contact form or send an email.

5. Rights of data subjects

You as the person concerned (hereinafter “data subject”) are entitled to a right to information according to Art. 15 GDPR, a right to rectification according to Art. 16 GDPR, a right to erasure according to Art. 17 GDPR, a right to restriction of processing according to Art. 18 GDPR as well as a right to data portability according to Art. 20 GDPR. The right to information as well as the right to erasure are subject to the restrictions under §§ 34, 35 BDGS (German Federal Data Protection Act). In addition, you are entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR in combination with § 19 BDSG).

6. Automated case-by-case decisions including profiling

7. Controller’s duty to inform

We will inform all recipients to whom your personal data was disclosed of any rectification or erasure of your personal data or any restriction of processing according to Art. 16, Art. 17 subs. 1 and Art. 18 GDPR unless it is impossible or requires unreasonable effort to inform them.

We will also inform you about the identity of the recipients at your request.

8. Right to oppose

You are entitled for reasons arising from your specific situation to oppose at any time the processing of your personal data which is carried out according to Art. 6 subs. 1 e) or f) GDPR. Where personal data is processed for the purpose of direct marketing, you are entitled at any time to oppose the processing of your personal data for such direct marketing purposes.

9. Right to withdraw your consent to personal data processing

You are entitled under Art. 7 subs. 3 sentence 4 GDPR at any time to withdraw your consent. However, the withdrawal will leave the lawfulness of the processing that has taken place with your consent before the withdrawal unimpaired. Thus, the withdrawal only takes effect for the processing intended for the time after the withdrawal. The withdrawal can be made informally, by posted letter or email. If you oppose the processing, we will no longer process your personal data unless this is permitted by another (legal) basis. If you oppose the processing and there is no other legal basis which permits continued processing, we are obliged under Art. 17 subs. 2 b) GDPR to erase your personal data without undue delay (“unverzüglich”) upon your request.

The withdrawal can be made informally and is to be addressed to:

Nephrological Research Laboratory, Clinic II for Internal Medicine

Joseph-Stelzmann-Str. 26, 50931 Köln

For und deviated: Kerpener Str. 62, 50937 Köln