Data Protection Information

In this data protection information we inform you about the processing of personal data by Honic.

You can address questions regarding data protection to us via the following contact details.

Name and contact details of the controller

This privacy information applies to the processing of data on the website Honic by the responsible party:

Health Data Technologies GmbH
Robert-Mayer-Str. 12
74172 Neckarsulm
Phone: +49 (0)7132 89 986-0

You can reach our data protection officer Mr. Klar via

Personal data of you will be processed by us as the data controller and stored for the period necessary to fulfill the specified purposes and legal obligations. According to Art. 4 No. 1 of the General Data Protection Regulation ("GDPR"), personal data is any information relating to an identified or identifiable natural person.

In Part 1 - Website and Contacting, we will inform you about the processing of personal data on our website and when you contact us.

In Part 2 - Research Data Platform, we will inform you about the processing of personal data on our research data platform.

In Part 2 - Your rights regarding the processing of personal data, we will inform you about your rights regarding the processing of personal data by us.

Part 1 - Website and Contacting

a) When you visit our website

When we visit our website, for technical reasons and to show you the contents we will collect data, which the web browser transmits to the server of our website (e.g. date and time of access, name and URL of the accessed file, browser type and version, website from which the access is made (referrer URL)).

This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file and automatically deleted after 14 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, we will store the log files until the security-relevant event has been eliminated and fully clarified. We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.

This data is encrypted during transport using SSL.

The legal basis of the processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR). Our legitimate interest is the provision of the website accessed by you
and the security of our IT infrastructure.

As part of the processing, we transmit the data to the following recipients: Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm (hosting provider).

b) When you contact us

When you communicate with us, we process data to answer your inquiry. This is usually the e-mail address and the IP address of the sender, as well as the content of the e-mail and any attachments, which may contain personal data.

We offer you the possibility to send us general inquiries via the contact form provided online. Here we collect the following mandatory information:

  • name (first and last name)
  • company
  • e-mail address
  • your personal message

We need your last name to know who the request is from. We need your e-mail address to be able to answer your request.

The personal data collected by us for the use of the contact form will be deleted as soon as your inquiry has been conclusively answered and the deletion does not conflict with any retention obligations.

The legal basis of the processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR). Our legitimate interest is the processing of your contact request.

c) Newsletter

We offer a newsletter in which we inform you about the data available on the Honic platform and about research projects that Honic is conducting or supporting. In addition, through the newsletter you will also receive information about events and workshops offered by Honic or others that may be of interest to you. In order for us to send you the newsletter, you will need to register for the newsletter and also give your express consent to receive it. We will document your consent by means of the so-called "double opt in" procedure.

For this purpose, we collect the following information:

  • Name (first and last name)
  • Business email address
  • Company

The legal basis of the processing is your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). You can revoke your consent at any time via the unsubscribe link in the newsletter or by sending an email to

As part of the processing, we transmit the data to the following recipients: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (newsletter service provider).

d) Use of cookies

We use cookies on our website. Cookies are small text files containing information that can be placed on the user's terminal device via the browser when visiting a website. When the website is called up again with the same end device, the cookie and the information stored in it can be retrieved. Depending on their function and purpose, the user's consent may be required for the use of certain cookies. In this respect, cookies can be differentiated according to whether the user's consent is required for their use.

The following cookies do not require consent:

  • Cookies whose sole purpose is to carry out the transmission of a message via an electronic communications network; and
  • Cookies that are strictly necessary to enable the provider of an information society service expressly requested by the requester or user to provide that service.

All cookies used for purposes other than those mentioned above are cookies that require consent.

We use the following cookies on our website:


Part 2 - Research data platform

We process personal data on our research data platform, including health data that we receive from healthcare providers, insofar as this is necessary for statistical purposes or scientific research projects.

We do not receive any directly identifying data such as real names, insured person numbers or exact addresses, but only the medical content data such as diagnostic data, laboratory values, medication data, responsible specialist, demographic data (e.g. gender, age, region) and a pseudonym. We do not have and cannot obtain directly identifying personal data.

To use the data for research or statistical analysis, we combine and aggregate the data from different service providers.

Honic distinguishes between the following data uses:

  1. Statistical Purpose

We process the pseudonymized data for statistical purposes in order to create overviews of the available data. The creation of statistics is the methodical handling of empirical data and the result of the statistics is always aggregated data that summarizes a minimum number of patient information and thus has no personal reference. The (anonymous) results of the statistical evaluation are not used for measures or decisions regarding individual persons. Third parties are not given access to the original data, but only to the results of the statistics.

2. Scientific Research

We process the data for scientific research and grant third parties access to the data in anonymized form. If we use the data for a specific research project by third parties, we will always anonymize the original data before third parties access it. Researchers will then only have access to anonymous data in a secure analysis environment controlled by us. We do not transfer any personal data to researchers.

Our platform is hosted by Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, a German hosting provider whose servers are located exclusively within the European Union. Under no circumstances will we transfer the data to third countries outside the European Union, i.e. in particular not to the USA or China.

The legal basis for the processing operations is Art. 9 para. 2 lit. j) in conjunction with Art. 89 para. 1, Art. 6 para. 1 sentence 1 lit. f) GDPR i.V.m. Section 27 para. 1 in conjunction with Section 22 para. 2 sentence 2 BDSG, Art. 5 para. 1 lit. b) a.E. GDPR (processing of data for statistical purposes and for scientific research). In doing so, we are pursuing the interest of improving healthcare by enabling new findings through statistical evaluations and scientific research. The data will not be used by Health Data Technologies GmbH for purposes other than those mentioned here.

If you would like to exercise your data protection rights (e.g. right to erasure or objection) against us, please contact As the pseudonymization described above means that we cannot determine whether we have also received data concerning you from the service providers, we can only implement your data protection rights if you provide us with certain directly identifying data for this purpose. However, you can also exercise your rights against the service providers at any time. The service providers will arrange for the implementation of your exercise of rights on our research data platform and we will then no longer use your data.

Part 3 - Your rights regarding the processing of personal data

As a data subject, you have the following rights:

  • Right to information: You can request information about which of your personal data we store.
  • Right to rectification: If you believe that we are holding personal data about you that is incorrect, you may request that it be corrected.
  • Right to erasure and restriction of processing: Under certain conditions, you may request that we erase your personal data or restrict the processing.
  • Right to object: You have the right to object to the processing of your data pursuant to Art. 6 para. 1 sentence 1 lit. e) or f) GDPR on grounds relating to your particular situation. We will no longer process the data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. To object, please contact
  • Right to data portability: You have the right to request that we transfer personal data that you have provided to us to another controller, or that we transfer such data to you in a commonly used, machine-readable format.
  • Right to lodge a compliant: You have the right to complain to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg.

As of: 4th of April 2024