Data Privacy Policy

Thank you for your interest in our website. We routinely comply with data privacy laws, including the EU Data Privacy Regulation, the German Data Privacy Act (BDSG) and the Telemedia Act (TMG).

You generally do not need to provide any personal information to use the website of the Torsten Haferlach Leukemia Diagnostics Foundation. However, if a data subject wishes to make contact with the Foundation via e-mail, personal information processing may be required. If personal information processing is required and there is no legal basis for processing, we generally ask for consent from the data subject.

Personal information, for example the name, mailing address, e-mail address or telephone number of the data subject, is always processed in accordance with the General Data Privacy Regulation (pursuant to Article 4 paragraph 1 GDPR) and in compliance with the domestic data privacy laws applicable to the Torsten Haferlach Leukemia Diagnostics Foundation (§ 46 BDSG). We are publishing our data privacy policy to inform the public about the nature, scope and purpose of the personal information that we gather, use and process. Furthermore we inform data subjects of their rights by means of this data privacy policy.

The Torsten Haferlach Leukemia Diagnostics Foundation, as the Data Controller, has implemented numerous technical and organizational measures to ensure the most complete possible protection of all personal information processed via this website. Nevertheless, transmitting data via the internet can be insecure, so we cannot guarantee absolute protection. Therefore every data subject is free to submit her or his personal information to us by other means, for example by telephone.

General Term Definitions

The data protection declaration of the Torsten Haferlach Leukemia Diagnostics Foundation is based on the terms used by the European Directive and Regulatory Authority when the basic data protection regulation (GDPR) was issued. Our data privacy policy is intended to be easy to read and understand, both for the public and for our customers and suppliers. To ensure this, first of all we would like to explain the meaning of the terms we use. Here are some of the terms we use in this data privacy policy:

Personal Data

Personal information means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if he or she can be identified either directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online username or one or more special features that reflect the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.

Data Subject

The data subject means any identified or identifiable natural person whose personal information is processed by the Data Controller.


Processing means conducting any process or sequence of processes, whether automatic or not, on personal information, such as collecting it, recording it, organizing it, arranging it, storing it, adapting or modifying it, reading it out, querying it, using it, disclosing it by transferring it to others, disseminating it or otherwise making it available, reconciling or linking it, restricting it and deleting or destroying it.

Restriction of Processing

To restrict processing means to label stored personal information so as to limit its future processing.


Profiling is any kind of automated processing of personal information that consists of using personal information to assess or predict a natural person’s personal traits, especially traits that reflect job performance, economic situation, health, tastes, interests, reliability, behavior, current location or change in location.


Pseudonymizing means processing personal information such that it can no longer be attributed to a specific data subject without first obtaining additional information. This requires that such additional information must be stored separately and be secured technically and organizationally to prevent the personal information from being linked to any identified or identifiable natural person.

Data Controller

The Data Controller is the natural or legal person, government agency, institution or other entity that, alone or in conjunction with others, determines why and how personal information will be processed. If the purposes and means of this data processing are determined by EU law or the national law of an EU member state, the Data Controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.


The processor is a natural or legal person, government agency, institution or other entity that processes personal information on the Data Controller’s behalf.


The recipient is a natural or legal person, government agency, institution or other entity to whom personal information is disclosed regardless of whether it refers to a third party or not. However, legal authorities are not considered recipients when they receive personal information under EU or domestic law in order to conduct an investigation.

Third Parties

A third party is any natural or legal person, government agency, institution or other entity apart from the data subject, the Data Controller, the processor and the persons directly authorized by direct authority of the Data Controller or processor to process the personal information.


“Consent” shall mean voluntarily and unambiguously expressing the data subject’s will, in words or other clear actions that clarify the acceptance of processing of personal information for the case in question.

Recording of general data and information

Every time a data subject or an automated system accesses the Torsten Haferlach Leukemia Diagnostics Foundation’s website, the website records certain items of data and general information. This data and general information is then stored in the server’s log files. The following may be collected: (1) browser type and -version used, (2) the operating system used by the accessing system, (3) the web page from which our website is accessed (so-called referrer), (4) the sub-page that is accessed on our website via an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the internet service provider of the accessing system and (8) other comparable information that might be useful for warding off attacks on our IT systems.

When using this general information, the Torsten Haferlach Leukemia Diagnostics Foundation draws no inferences about the data subject. This information is used, rather, to (1) correctly display our website’s contents, (2) to optimize our website’s contents, (3) to ensure that our computer systems and the technology of our website continue to function, and (4) for reporting information necessary for prosecution to law enforcement authorities in case of a cyberattack. Thus Torsten Haferlach Leukemia Diagnostics Foundation evaluates this anonymously gathered information statistically and also in order to ensure data privacy and enhance the foundation’s data security, thus ensuring optimal protection of the personal information we process. The anonymous data from the server log files is stored separately from all personal information reported by the data subject.

Contact via website

Pursuant to law, the Torsten Haferlach Leukemia Diagnostics Foundation website contains information that enables swift electronic contact to our company and direct communication with us. This information includes an e-mail address. When a data subject initiates contact with the Data Controller via e-mail, any personal information disclosed by the data subject is automatically stored. Any such personal information that a data subject provides voluntarily to the Data Controller is stored for the purpose of processing or for the purpose of initiating contact with the data subject. None of this personal information is disclosed to third parties.

Applicant Data

We collect and process application data electronically for the purpose of managing the application process. If your application is followed by the conclusion of an employment contract, your transmitted data may be stored by us in the personnel file for the purpose of the usual organizational and administrative process in compliance with the relevant legal regulations.
If the application is rejected, the applicant data submitted will be deleted automatically two months after the rejection is announced. This does not apply if longer storage is necessary due to legal requirements (e.g. the burden of proof according to the General Equal Treatment Act) or if the applicant has expressly agreed to longer storage in the database of interested parties.

Routine deletion and blocking of personal information

The Data Controller will process and store the data subject’s personal information only for as long as needed to achieve the purpose of the storage or, if storage is required by the European Directive and Regulatory Authority or another legislative entity, for as long as the Data Controller is legally bound to do so. Whenever the purpose of storage is no longer desired or the storage period stipulated by the European Directive and Regulatory Authority or another responsible legislative entity has expired, personal information is automatically blocked or deleted pursuant to law.


The website uses so-called “cookies.” Cookies do not harm your computer and contain no viruses. Cookies are small text files that are filed on your computer and stored by your browser. Two sorts of cookies are used. Temporary or “session” cookies are automatically deleted when you close your browser. Long-term cookies have a maximum lifespan of one month. This sort of cookie makes you easy to recognize when you access the website again later. For example they are used in the “stay logged in” feature. You can set your browser to be notified whenever cookies are stored, to allow cookies on a case-by-case basis, to reject all cookies or certain kinds of cookies, and to delete all cookies automatically on closing the browser.

Your rights as a data subject under GDPR (Articles 15–18 and 21)

You may at any time request to receive information free of charge about your data stored with us in a generally accessible data format, without providing any reasons. In your request for information you should specify your concern in order to make it easier for us to compile the necessary data. Please note that under certain circumstances your right to information may be restricted in accordance with the statutory provisions (in particular § 34 BDSG).
You may at any time have your data corrected, completed, or deleted. Within the framework of Article 18 GDPR, you have the right to request a restriction of the processing of data concerning you. You may also at any time revoke the consent you gave us to store and use your information, without giving any reason. To revoke your consent, please write to the contact address on the impressum page. We are always happy to answer any additional questions you may have regarding our recommendations, data privacy matters and how we process your personal information.
In case of breaches of the GDPR, you can contact your data protection supervisory authority.

Legal basis for our processing of information

Article 6(I)(a) GDPR is the legal basis for our company’s processing procedures that involve obtaining consent to process for a specific purpose. Whenever we have to process personal information in order to fulfill a contract to which you are a party, for example when we process information to supply goods, render a service or make a payment, the processing procedure is based on Article 6(I)(b) GDPR. The same applies to any processing needed to perform pre-contractual acts, for example when we receive inquiries about our products or services. If the law obliges our company to process personal information, for example for the fulfillment of tax obligations, then processing is based on Article 6(I)(c) GDPR. Lastly, processing operations can be based on Article 6(I)(f) GDPR. This is the legal basis for processing procedures that are not covered by any of the above legal grounds, if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights or fundamental freedoms of the data subject are more worthy of protection. These processing procedures are permitted in particular because European law expressly permits it. In this connection, the law states that a legitimate interest may be assumed if the data subject is a customer of the Data Controller (Recita 47, second sentence, GDPR).

Legitimate interests of the Data Controller or a third party in processing

If processing of personal information is based on Article 6(I)(f) GDPR, then the legitimate interest in question is our interest in conducting our business for the benefit of all of our employees and shareholders.

Duration of storage of personal information

The length of time for which personal information can be stored is determined by the applicable retention period provided by law. Once this period has elapsed, the data is routinely deleted unless it is still needed in order to fulfill an existing contract or to initiate a new one.

Legal or contractual duty to supply personal information; information needed for a contract; obligation of the data subject to provide personal information; possible consequences of not providing personal information

You are hereby informed that you may be obligated to supply personal information either by law (e.g. tax regulations) or by contract (e.g. information on the contracting party). Sometimes it may be necessary for the conclusion of a contract to provide personal data, which we consequently process. For example, the data subject is required to give us his or her personal information whenever he or she concludes a contract with our company. Failure to provide the personal data would result in the inability to successfully close the contract with the data subject. Before the data subject provides any personal information, she or he must speak with one of our employees. Our employee will inform the data subject on a case-by-case basis whether supplying the personal information is required by law or by contract or is needed to conclude a contract, whether the data subject is obliged to provide the personal information and what would happen if the data subject refuses to provide it.

Existence of automated decision-making

Since we are a responsible company, we do not allow automatic decision-making or profiling.


Information pursuant to § 5 TMG / name and address of the Data Controller within the meaning of the Basic Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is the:

Torsten Haferlach Leukämiediagnostik Stiftung
Prof. Dr. med. Dr. phil. Torsten Haferlach
Max-Lebsche-Platz 31
81377 Munich
T: +49 (0)89 99015-0
F: +49 (0)89 99015-108

Liability for content

Pursuant to § 7(1) TMG, as a service provider our responsibility for our own content on these pages is governed by general law. Pursuant to §§ 8 to 10 TMG, however, as a service provider we are not bound to monitor any third-party information that is transmitted or stored, or to investigate circumstances that might point to illegal activity. This does not affect any duty we may have under general law to remove information or block its use. However no liability of this type arises until we become aware that a specific offense may have been committed. Once we become aware of an offense we will remove such content immediately.

Copyright and Right of Use

Whatever is published on these pages is subject to German copyright law. Any content from a third party is marked as such. Reproduction, processing and any use beyond copyright limits requires the consent of the Torsten Haferlach Leukemia Diagnostics Foundation or the author. Downloading and copying of these pages is allowed only for private, non-commercial purposes. If you wish to republish contents from our pages, please contact us.

Legal notices

Although we make every effort to verify what we publish, we assume no liability for its accuracy. The Torsten Haferlach Leukemia Diagnostics Foundation shall not be liable for damages caused directly or indirectly by the use or non-use of the information posted on this site or by the use of incorrect or incomplete information, unless malice aforethought or gross negligence is proven. The Torsten Haferlach Leukemia Diagnostics Foundation retains the right to change, supplement or delete all or parts of its website without prior notice and to discontinue publication temporarily or permanently. Publications on this site do not take into consideration any possible patent protection. Trade names are used without guarantee of a free use.

Before Torsten Haferlach Leukemia Diagnostics Foundation links to third-party content (external links), it verifies whether such linking will make it liable for anything and whether it may be committing a criminal offense when doing so (§ 5 paragraph 2 MDStV). However this type of external content can change at any time without the knowledge of the Torsten Haferlach Leukemia Diagnostics Foundation. Pursuant to § 5(3) MDStv, the Torsten Haferlach Leukemia Diagnostics Foundation is not obliged to verify whether placing external links may have legal consequences.

This data protection declaration was created by, among others, the data protection declaration generator of the external DSB Mannheim in cooperation with RC GmbH and the filesharing lawyers of WBS-LAW.

Changes to the privacy policy

We reserve the right to occasionally adapt our data protection provisions so that they always comply with current legal requirements or to implement changes to our services in the data protection declaration. We encourage you to review this Privacy Policy periodically to keep abreast of the privacy of the personal information we collect. Your continued use of the service constitutes your acceptance and updating of this Privacy Policy.


You wish to support the foundation’s work? Our donation account is:


IBAN: DE9374 3200 7300 2778 2329

Purpose of payment line 1:

Purpose of payment line 2:
Address of donor


We will gladly answer your questions or provide you with information on the Foundation.

Telephone +49 (0)89 99015-0       Send an e-mail