1. Data Processing General Purpose

APST Research GmbH, at the address Westhafenstraße 1, 13353 Berlin, Tel: +49 (0)30 81031410, EMail: [email protected] (hereinafter “APST Research“) embodies a digitally-supported research organization. It supports medical research projects in neurological diseases, especially amyotrophic lateral sclerosis (ALS), spinal muscular atrophy (SMA), and other neurodegenerative diseases, by using a digital platform, and mobile applications (ALS-App and SMA-App) with which research-related data are digitally mapped and recorded for medical research.

2. Responsibilities

(1) APST Research is responsible for data privacy, protection and security for the als-opm.org website user experience. On behalf of APST Research, personal data are stored on servers that meet the particular and most stringent data security and data privacy standards for health data. APST Research is the contracting party of hosting services of Ambulanzpartner Soziotechnologie APST GmbH (hereinafter “APST“) and the responsible entity pursuant to the General Data Protection Regulation (GDPR).

(2) The personal data captured and used via the APST research are sensitive data protected with effective and reliable data privacy and data security measures. Together with APST, APST Research ensures compliance with data privacy laws and is reportable to the County of Berlin Data Protection Authority. At APST Research, the top priority is equally given to company-internal data privacy and protection. Employees are bound to discretion and are under obligation to act in conformity with the applicable data privacy laws.

(3) Our data privacy officers can be contacted at [email protected] or by sending a letter for the attention of “Data Privacy Officer”, at our address stated above.

3. Data Processing for Website Visits

(1) When using our websites merely for the purpose of gaining information, i.e. when no request or personal information is submitted and no login is performed, we shall process the data your browser sends to our server, and those data technically required to display our website to you and to safeguard stability and security:

• IP address
• Date and time of enquiry
• Duration of website visit
• Time zone difference to Greenwich Mean Time (GMT)
• Content of enquiry (precise page)
• Access status/http status code
• Data volume transferred each time
• Website this enquiry is coming from
• Our websites that you visit
• Internet service provider
• Browser type
• Server Log Files
• Operating systems and their interface
• Language and version of the browser software

(2) The relevant legal basis is Art. 6 Section 1 p. 1 lit. f) GDPR, i.e. our legitimate interest in displaying the websites that are accessed.

4. Data Processing for Contact

When you contact us via e-mail, telephone, or by using a contact form, the information you supply to us (e.g. e-mail address, name, telephone number, and content of the inquiry) shall be processed to answer your queries and/or deal with your issue. The legal basis for this is Art. 6 Section 1 p. 1 lit. b GDPR.

5. Your Rights

(1) With regard to your personal data, you shall be entitled to the following rights in your dealings with us:

• Right to information (Art. 15 GDPR)
• Right to rectification and deletion (Art. 16 und 17 GDPR)
• Right to limitation of processing (Art. 18 GDPR)
• Right to objection against processing (Art. 21 GDPR)
• Right to data transferability (Art. 20 GDPR)

(2) You shall furthermore have the right to lodge a complaint with the Data Protection Authority about the way we process your data.
(3) We point out that you may revoke any data privacy consent you have given us at any time and with effect for the future. The same shall apply to your consent to be contacted for commercial purposes. To this end, please simply send an e-mail to: [email protected]. The respective revocation may result in our offer no longer being available to you or with limitations only.
(4) In so far as our processing of your personal data is based on the weighing of interests (Art. 6 Section 1 S. 1 lit. f GDPR), you shall be entitled to object to such processing. When lodging such an objection, we will kindly ask you to tell us the reason why we are no longer allowed to process your personal data the way we do. For any substantiated objection, we shall verify the facts and either cease to process your data, adjust the processing method or elucidate to you our compelling protection-worthy reasons why we shall continue to process your data.

6. Data Security and Data Deletion

(1) The data accessible by APST Research are sensitive data and shall thus be subject to the most stringent and state-of-the-art security standards.
(2) Data shall be encoded for transfer from the user’s computer to the server and vice versa.
(3) The data processed by APST Research shall be deleted upon the expiry of the contract if no relevant retention periods are provided by law. Data shall continue to be processed after the patient’s death unless the patient’s legal successor has terminated the contractual relationship or the patient’s consent has been revoked. The processing of any data not deleted for reasons of compliance with legal provisions (e.g., settlement data pursuant to § 257 Section 1 German Commercial Code [Handelsgesetzbuch, HGB] and/or § 147 Section 1 commercial/tax regulations for data retention) shall be limited, i.e., data shall be disabled for operative use.