to home
                                                                  Home  |  Sitemap  |  Data Privacy Policy  |  Legal notice

Data Privacy Policy

I. Contact information

I.1. Data controller:

Munich Cancer Registry (MCR)
of the Munich Tumour Centre (TZM)
at the Institute for Medical Information Processing, Biometry and Epidemiology (IBE)
Ludwig-Maximilians-University (LMU) Munich

Munich Cancer Registry (MCR),
Regional Centre of the Bavarian Cancer Registry,
run by the Bavarian State Office for Health and Food Safety (LGL),
responsible for Upper Bavaria and Landshut,
at the Munich University Medical Center (KUM),
University Hospital of Ludwig-Maximilians-University (LMU) Munich
Mailing address:
Tumorregister München
Klinikum Großhadern/IBE
Marchioninistr. 15
D - 81377 München
Telephone: +49-89-4400-7-4756/7756 or +49-89-4400-7-4750/7750
Facsimile: +49-89-4400-7-4753

I.2. Address of the data protection officer

Tumorregister München
Klinikum Großhadern/IBE
Marchioninistr. 15
D - 81377 München

II. General information on data processing at the Munich Cancer Registry

II. 1. Scope of application of the Data Privacy Policy

Use of the Munich Cancer Registry public websites is generally possible without need of providing any personal data.

Are you a patient within the purview of the Munich Cancer Registry?

On the Internet, patient data are presented only in anonymized and aggregated form.
Your data will be reported to MCR in compliance with the reporting obligations (Bavarian Cancer Registry Act - BayKRegG, Art. 4) and will only be used for a specific purpose.
"It is mandatory to report the following:
  1. the first confirmed diagnosis of cancer,
  2. the histological, laboratory or cytological findings relating to the cancer,
  3. the nature and time of the commencement and completion of a therapeutic treatment,
  4. the diagnosis of recurrences, metastases and secondary tumors and other changes in the course of the disease,
  5. the death of a person suffering from cancer."
The medical unit in charge of a patient's care is obliged to transmit the intended portion of the basic oncological data (and the organ-specific modules) to the regional centre.
In reference to your rights please see point IV. and V.

In your capacity as a physician or cooperation partner, are you a notifier to the Munich Cancer Registry?

On the Internet, patient data are presented only in anonymized and aggregated form.
If you, in your capacity as a physician or cooperation partner, have access to the closed TRM-Internet site, your personal data (notifier master data) will only be used for a specific purpose.

II. 2. Purpose and legal basis of data processing

According to the Bavarian Cancer Registry Act (BayKRegG) and the Ordinance on the Implementation of the Bavarian Cancer Registry Act (Cancer Registry Ordinance - BayKRegV), medical units are under obligation to report all cases of cancer.
Medical units are hospitals, doctors' and dentists' offices as well as other medical care institutions or doctors and dentists who do not work in an institution according to No. 1 of the Bavarian Cancer Registry Act (BayKRegG) Art. 3.
In accordance with the Ordinance on the Implementation of the Bavarian Cancer Registry Act (Cancer Registry Ordinance - BayKRegV, § 6), notifier-related data must also be recorded:
These consist of the notifier master data such as e. g. institute indicator, business premises number (BSNR), lifetime physician identification number (LANR), telephone number, academic degree, profession, specialty, bank data.

III. Logging of access to the Munich Cancer Registry's websites.

Are you a visitor to the Munich Cancer Registry's website?

III. 1. Server log files

When accessing the Munich Cancer Registry's Internet pages, general data and information are collected each time a visitor or an automated system accesses a website. These general access data are logged in the log files of the server.
The following is recorded:
  1. the browser types and versions,
  2. the operating system used,
  3. the website from which the user is accessing the site,
  4. the sub-websites which are accessed,
  5. the date and time of access,
  6. an Internet protocol address (IP address),
  7. if necessary, the Internet service provider and
  8. other similar data and information used to avert danger in the event of attacks on the Munich Cancer Registry's information technology systems.
When using these general access data, the Munich Cancer Registry does not draw any conclusions about the data subject.
As part of the mandatory recording duty (Bavarian Cancer Registry Act - BayKRegG), conclusions are drawn from the log files about accesses, file calls (sub-websites) and login duration.
These general access data are also required for reasons of technical security and for purposes of identification and tracking of unauthorized access attempts.

III. 2. Cookies

The TRM does not use cookies on its websites.

III. 3. E-mail address

In the case of incoming e-mails, the e-mail address and the other data transmitted (e. g. content, attachments) will only be used for correspondence and stored only for as long as is necessary for that purpose, unless a further legal basis justifies further processing.
Unencrypted e-mails are basically not secure, i.e. they can be read, modified or intercepted by third parties during transmission. When sending messages qualified for protection, you should therefore send them by mail, fax, PGP encryption (see imprint), or request a data box.
Please note that in the case of an e-mail request, we are unable to verify your identity and have no way of knowing who is behind the e-mail address. Legally secure communication via simple unsigned e-mail cannot be guaranteed, even if the e-mail is encrypted.
We are to some extent using filters against unsolicited advertising (so-called spam filters) which may in some cases erroneously classify and delete e-mails as unsolicited advertising. E-mails which may contain harmful programs, e.g. viruses, are automatically deleted.

III. 4. Databox/Portal method

The Databox is an encrypted data storage medium which can be used for data exchange. It is normally used for data transmissions which
  • require special protection and/or which
  • are too large to be sent as e-mail.
All you need to use the Databox is a web browser and Internet access. There is no need for installing additional software.
How to request a Databox, e. g. by e-mail:

III. 5. SSL encryption

For security reasons and to protect the transmission of confidential contents, the Munich Cancer Registry's website uses SSL encryption (the browser's address line changes from "http://" to "https://" and displays a lock symbol).
While SSL encryption is activated, the data cannot be read by third parties. These measures for the protection of these websites are continuously adapted to the state of the art. Nevertheless, please be advised that data protection for the transmission of data within the Internet can only be guaranteed to the extent of the current state of the art.

IV. Your rights

In addition to the right of objection pursuant to Art. 5 of the Bavarian Cancer Registry Act (BayKRegG) (see V) you are entitled to the following further rights:
IV. 1. Right of access to your personal data stored with us in accordance with Art. 15 of the General Data Protection Regulation (DSGVO); in particular, you are entitled to obtain information about the purposes of processing, the category of personal data, the planned storage period, the origin of your data. Right to rectification of incorrect data or to completion of correct data in accordance with Art. 16 of the General Data Protection Regulation (DSGVO).
IV. 2. Right to erasure of your data stored with us in accordance with Art. 17 of the General Data Protection Regulation (DSGVO), unless any legal or contractual retention periods or other legal obligations or rights for further storage have to be observed.
IV. 3. Right to restrict the processing of your data in accordance with Art. 18 of the General Data Protection Regulation (DSGVO), if you contest the correctness of the data, if the processing is unlawful, but you refuse the erasure thereof; if the data controller no longer needs the data.
IV. 4. Right to lodge a complaint with a supervisory authority. You generally have the right to contact the supervisory authority responsible for your usual place of residence.

V. Right of objection in accordance with Art. 5 of the Bavarian Cancer Registry Act (BayKRegG)

"(1) Anyone has the right to object to the permanent storage of identity data in the Bavarian Cancer Registry, insofar as these data concern him/herself or a person subject to his/her personal care or support.
These identity data must be deleted immediately as soon as they are no longer required for the purposes of mandatory quality assurance, invoicing, or due to other statutory regulations.
The objection must be lodged in writing with the notification office.
Objections may also be lodged with the notification office via persons who have been informed of the right of objection in accordance with Art. 4 (2) 3rd sentence.
The objection concerns identity data which have already been recorded and which will be received in the future. If data on this person were reported by or to another State Cancer Registry, that State Cancer Registry must be informed if an objection was lodged.
(2) Paragraph (1) shall apply mutatis mutandis to a comparable objection lodged in a country in accordance with the law of that country as soon as it has been brought to the attention of the competent Bavarian authority by the authorities there.
(3) Two years after the entry into force of this Act, the State Ministry responsible for Health shall review the provisions of subsections 1 and 2 with regard to effective data protection and adequate quality assurance for the purposes of the Bavarian Cancer Registry.