Meta menu:

From here, you can access the Emergencies page, Contact Us page, Accessibility Settings, Language Selection, and Search page.

Open Menu

Data protection and privacy policy for the Charité Mastodon channel

Last updated June 2023

You are here:

Charité uses the open, non-commercial microblogging service Mastodon for its media and public relations work, using the instance within this service’s decentralized architecture for this purpose. Charité has established a social media account on this instance. The data protection and privacy policy set out below relates to this account.


1. Scope and purpose of processing

This data protection and privacy policy applies to the processing of personal data where Charité is the controller for purposes of data protection and privacy law as the operator of a social media account on the instance of the Mastodon microblogging service that is used by it. Please also see the privacy policy for this instance:

The purpose of and legitimate interest in operating the account is to use it as a medium within the scope of media and public relations work. The processing operations that are necessarily entailed by the operation thereof are derived from this.

2. Controller’s contact details

Charité – Universitätsmedizin Berlin
Charitéplatz 1, 10117 Berlin, Germany
T: +49 30 450 50

3. Data protection officer’s contact details

Charitéplatz 1, 10117 Berlin, Germany
Phone: +49 30 450 580 016
E-mail: datenschutzbeauftragte(at)

Note: Please do not contact our data protection officer directly unless you have a question or other concern relating to data protection and privacy. For all other matters concerning Charité’s Mastodon account, please use the contact details provided in Sec. 2 above.

4. Legal bases for processing of personal data

The data processing operations that go along with accessing, registering, and further use and are necessary in this regard take place in the context of using an offering of Charité within the scope of its media and public relations work on the basis of point (f) of Article 6(1) GDPR. This includes processing operations to fulfill necessary technical and organizational protective measures.

Where communication with Charité takes place by e-mail in the context of use of the Mastodon instance, the data involved in this (e-mail addresses and content as well as relevant metadata) are processed to the extent necessary for the duration of the processing, except where statutory retention periods stipulate otherwise. The legal basis in this regard as well is point (f) of Article 6(1) GDPR.

5. Data processing of the account

Persons who follow the account are publicly displayed. If you transmit a message, the date and time thereof are also stored, along with information on which application you used to send it. Messages of this kind may contain media attachments such as images and videos.

Direct messages are not encrypted end to end, so in principle, they can be viewed by the administrators of the instance used and the recipient instance. This being the case, you should not transmit any special categories of personal data as defined in Article 9(1) GDPR to Charité, particularly not health data.

All interactions with the account (liking, boosting, or quoting posts) are also displayed publicly. This applies both to actions taken by third parties in relation to posts of the Charité account and those of the Charité account in relation to third-party posts.

6. No statutory or contractual obligation to provide personal data

You are not obligated either by law or under contract to provide your personal data to Charité. However, if you do not provide your personal data to Charité, you may not be able to use the functions mentioned in points 4 and 5 hereof.

7. No automated decision making

Automated decision making does not take place.

8. Facelift

We use the Facelift tool from processor Facelift brandbuilding technologies GmbH, Gerhofstr. 19, 20354 Hamburg, Germany, to be able to manage our social media channels more easily. You can find the Facelift data privacy policy here:

Facelift serves primarily to make it easier to manage all the social media channels we maintain. If a user uses the comments function on our social media page to ask a question specified in further detail in Facelift, then the text and the user’s username flow into the tool together and are displayed to us. The text that has been transmitted and the username are deleted once the inquiry has been answered.

The legal basis for the data processing is point (f) of Article 6(1) GDPR. We use Facelift because we have a legitimate interest in managing the content on our Twitter profile in a way that saves both time and costs but is equally effective, which includes collecting and responding to comments by visitors to our profile. In this regard, it is also in the interest of visitors for their comments to be acknowledged centrally and promptly and – depending on the content – recognized or answered by Charité. This gives us a better overview of user comments, which facilitates communication with the users of our social media presence.

9. Talkwalker

Charité uses Talkwalker for the purposes of brand monitoring on our social media websites and to optimize our campaigns. The brand monitoring encompasses monitoring, collection, and analysis of mentions, statements, and perceptions relating to Charité on the various social media websites. Primary goals here include monitoring the reputation and acceptance of Charité in the public and among consumers and assessing these factors on a targeted basis in terms of demographics.

This Web analytics service is provided by Talkwalker Sàrl, 12-16 Avenue Monterey, 2163 Luxembourg, Luxembourg. The service includes extensive data analysis and provision of all information and opinions mentioned regarding Charité on social media platforms, a search engine option for brand and trend checks and for comparison with competitors, and tracking of campaigns placed by Charité.

We process your personal data on the basis of our legitimate interest pursuant to point (f) of Article 6(1) GDPR. Our interest consists in keeping abreast of what is being published and said about Charité and having this information in order to be able to respond to issues such as fake news or security problems. The data collected in this context are deleted after this purpose ceases to apply and after we stop using Talkwalker.

10. Your rights

Where your personal data are processed, you have, pursuant to the GDPR, the rights of access to and rectification or erasure of personal data, the right to data portability, and the right to restriction of processing.

Since Charité processes your personal data on the basis of its legitimate interest (point (f) of Article 6(1) GDPR), you can object to the processing by contacting Charité or the data protection officer (by e‑mail, for example; for contact details, see point 3 above).

If you are exercising your right to object, please specify the reasons that your personal data should not be processed. In case of an objection, the facts of the matter will be reviewed and the data processing will either be discontinued or adjusted to fit the circumstances, or you will be informed of the compelling legitimate grounds on which the processing is being continued.

11. Data protection supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The data protection supervisory authority with jurisdiction is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61, 10555 Berlin, Germany
T: +49 30 13889-0
E-mail: mailbox(at)