PRIVACY NOTICE
The following English translation of the “Datenschutzerklärung” is for information purposes only. Only the German version is legally binding.
Responsible for data processing
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other legal data protection provisions is:
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
Am Faßberg 11
37077 Göttingen
Germany
Phone: +49 551 201-1523
E-mail: support@gwdg.de
Website: www.gwdg.de
Contact person / Data protection officer
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
Datenschutzbeauftragter
Am Faßberg 11
37077 Göttingen
Germany
E-mail: datenschutz@gwdg.de
General information on data processing
Scope of the processing of personal data
As a matter of principle, we only process personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) lit. (a) of the EU General Data Protection Regulation (GDPR) is the legal basis for personal data processing.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6 (1) lit. (b) GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) lit. (c) GDPR is the legal basis.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, the legal basis is Article 6 (1) lit. (d) GDPR.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO is the legal basis for the processing.
Provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data will be collected in any case:
- date of access
- name of the operating system installed on the accessing device
- name of the used browser
- source system via which the access was made
- the IP address of the accessing device, with the last two bytes masked before the first storage (example: 192.168.xxx.xxx). The abbreviated IP address cannot be associated with the accessing computer.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
Data processing when creating accounts
When creating an account, the so-called “double opt-in” procedure is used. This means that after your registration, we send you an e-mail to the e-mail address you provided, which contains a link that you must call to confirm the creation of this account.
The following data, in addition to the above, is stored when an account is created:
- e-mail address
- name and first name
- mobile phone number (if provided)
- date and time of the times of registration and confirmation
The following data can optionally be provided by you after the account has been created:
- additional e-mail address(es)
- salutation and title
- date of birth
- additional telephone number(s)
- postal address(es)
- security-specific settings (security questions and answers; two-factor authentication)
Each time you log in with an existing account on our website, our system automatically collects further data on the basis of previously mentioned information. The following data is collected during actions in the logged-in state:
- date of access
- purpose or action on the website (e.g. changing/re-setting passwords; failed log-on attempts etc.)
- name of the operating system installed on the accessing device
- name of the used browser
- source system via which the access was made
- the IP address of the accessing device, with the last two bytes masked before the first storage (example: 192.168.xxx.xxx). The abbreviated IP address cannot be associated with the accessing computer.
- an estimate of the location of the accessing client based on the IP address
Legal basis for data processing
The legal basis for temporary storage of data and the log files is Article 6 (1) lit. (f) GDPR.
Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
A temporary recording of the actions carried out by the user on our website takes place exclusively for the purpose of traceability for the user himself. An evaluation of the data for other purposes does not take place in this context.
The storage in log files is done to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Article 6 (1) lit. (f) GDPR.
Retention period
The data is erased as soon as it is no longer required to achieve the purpose which it was collected. In the case of the collection of data for the provision of the website, this is the case when the relevant session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Further retention beyond this is possible. In this case, the IP addresses of the users are erased or modified so that an assignment of the calling client is no longer possible.
Objection and elimination option
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string of characters that enables the browser to be uniquely identified when the website is called again.
We use cookies to make our website more user-friendly. Certain elements of our website require that the calling browser can be identified even after a page change. For this purpose, we use so-called “session cookies”.
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. (f) GDPR.
Purpose of the data processing
The purpose of using cookies is to simplify the use of websites for the users. Some functions of our website cannot be provided without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The user data collected through cookies is not used to create user profiles.
These purposes also constitute our legitimate interest in processing personal data pursuant to Article 6 (1) lit. (f) GDPR.
Retention period, objection and elimination option
Cookies are stored on the user’s computer and transferred to our site by the user. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, you may no longer be possible to use all functions of the website to their full extend.
Registration
Description and scope of data processing
On our website, we offer users with the possibility to register by providing personal data. The data is entered in the input screen and transferred to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:
- name and first name
- e-mail address
- mobile phone number (optional) to send mTANs to reset the user’s own password
Consent to the processing of this data is obtained in the course of the registration process.
Legal basis for data processing
The legal basis for data processing where the user has given their consent thereto is Article 6 (1) lit. (a) GDPR.
If the registration serves the fulfilment of a contract to which the user is a contracting party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) lit. (b) GDPR.
Purpose of the data processing
User registration is required for the provision of certain content and services on our website.
Retention period
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected.
This applies to data collected during the registration process when the registration on our website is deleted or modified.
Objection and elimination option
As a user, you have the option of eliminating your registration at any time. You can have the data stored about you changed at any time.
Support form and e-mail contact
Description and scope of data processing
Our website contains a form that can be used for electronic support requests. If a user uses this option, the data entered into the input screen is transferred to us and stored.
This data is:
- e-mail address
- user name (optional)
- name and first name (optional)
- telephone number (optional)
- operating system name (optional)
- name of the used browser (optional)
If a user is registered with the GWDG (see also “registration”) and has logged in, this data is automatically provided on the support form. The data can be edited before submitting the form.
Alternatively, we can be contacted using the e-mail address provided. In this case, the user’s personal data transferred with the e-mail is stored.
In this context, data will not be disseminated to third parties. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data if the user has given their consent thereto is Article 6 (1) lit. (a) GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. (f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for the processing is Article 6 (1) lit. (b) GDPR.
Purpose of the data processing
The processing of personal data from the input screen serves solely to handle the contact. In the case of any contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serves to prevent abuse of the contact form and ensure the security of our IT systems.
Retention period
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the input screen of the contact form and those sent by e-mail, this is the case when the relevant conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be erased after a period of seven days at the latest.
Objection and elimination Option
The user can withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of the contact will be erased in this case.
Map display with HERE Maps
HERE Maps JavaScript API is a map service of HERE Global B.V, Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands. We use HERE Maps to present a map of our location and to support the display of your last activities in the “Security” section of your user account. We do not actively transfer personal data to HERE Maps; However, it is possible that information on your access (including your IP address) is transferred to and stored on a HERE Maps server when your browser retrieves and displays the map.
For more information on data protection and the HERE Maps terms of use, please refer to: https://legal.here.com/de-de/privacy/policy.
Web analysis with Matomo
Description and scope of data processing
Our website uses the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the user's computer (for information on cookies see above). The following data is saved if individual pages of our website are accessed.
Specifically, the following basic data is saved for each access/retrieval:
- the IP address, anonymised by shortening
- cookie to distinguish between unique users
- previously visited URL (referrer), if provided by the browser
- operating system name/version
- name of the used browser, version and language settings
- If JavaScript is activated, the following data is collected additionally for each access/retrieval:
- the URLs visited on this website
- time of website access
- type of HTML queries
- screen resolution and colour intensity
- technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF,
- WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)
The software programs run exclusively on the servers which we operate in our computing centre. Personal data of the users is only saved on those servers. The data is not passed on to third parties.
The software programs are set in such a way that two IP address bytes are masked and the full IP address is not saved (example: 192.168.xxx.xxx). The abbreviated IP address cannot be associated with the accessing computer.
Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Article 6 (1) lit. (f) GDPR.
Purpose of the data processing
The processing of users’ personal data allows us to analyze how our users surf. Evaluating the data obtained enables us to compile information about the use of individual components of our website. This helps us continuously to improve our website and its user-friendliness. Such purposes also constitute our legitimate interest in data processing pursuant to Article 6 (1) lit. (f) GDPR. The anonymization of the IP address sufficiently protects the user’s interest in the protection of their personal data.
Retention period
The data is deleted as soon as it is no longer required for our recording purposes. For our website, this is the case after seven days.
Objection and elimination option
Cookies are stored on the user’s computer and transferred to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extend.
You have the following independent possibility of objecting to data collection by Matomo: Activate the “do not track” or "nicht folgen" function in your browser. If this function is activated, our Matomo system will not save any data from you. Please note: The “do not track” command generally applies only to the relevant device and the browser in which you activate the function. If you use several devices or browsers, you must activate the “do not track” function separately for each device/browser.
You can find more information about the privacy settings of the Matomo software here: https://matomo.org/docs/privacy/.
Rights of data subjects
You have various rights with regard to the processing of your personal data. We list them in the following, but there are also references to the articles (GDPR) and/or paragraphs (BDSG (2018)) which provide even more detailed information.
Right of access by the data subject (Article 15 GDPR; § 34 BDSG)
You may request confirmation from the controller whether we process personal data related to you. This includes the right to obtain access to information as to whether the personal data concerning you is transferred to a third country or to an international organization.
Right to rectification (Article 16 GDPR)
You have a right of rectification and / or completion vis-à-vis the controller if the personal data processed related to you is inaccurate or incomplete. The controller must perform rectification immediately.
Right to erasure / “Right to be forgotten” / Right to restriction of processing (Article 17/18 GDPR; § 35 BDSG)
You have the right to request the immediately erase of your personal data from the controller. As an alternative, you may request to restrict the processing from the controller, whereby restrictions are referred to in the GDPR/BDSG under the articles and/or sections mentioned.
Notification obligation regarding rectification or erasure of personal data or restriction of processing (“Right to be informed”) (Article 19 GDPR)
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to communicate such rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
Right to data portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition to the scenarios presented in and provisions of the GDPR, it must be noted that portability of mass data / user data is limited to technical readability. The right to data portability does not include that the data created by the user in a proprietary format is converted by the controller into a commonly used, i.e. standardized format.
Right of objection (Article 21 GDPR; § 36 BDSG)
You have the right to object to the processing if this is based only on the controller weighing any interests (see Article 6 (1) lit. (f) GDPR).
Right to withdraw consents in terms of data protection laws (Article 7 (3) GDPR)
You have the right to withdraw your consent under data protection laws at any time. The withdrawal of consent does not affect the lawfulness of processing based on such consent before its withdrawal.
Right to complain to a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.