At FIZ Karlsruhe – Leibniz-Institut für Informationsinfrastruktur GmbH (hereinafter referred to as “FIZ Karlsruhe“, “we” or “us” ) ensuring the security and protection of your personal data is a primary concern. We would therefore like to inform you on how, to what extent, and for which purposes we collect, process and use your personal data.
I. Controller
Controller according to art. 4(7) of the General Data Protection Regulation (GDPR) is
FIZ Karlsruhe – Leibniz-Institut für Informationsinfrastruktur GmbH
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
You will find further information on the controller in our Legal Notices.
II. What we do:
FIZ Karlsruhe offers you web pages for information purposes and online products (hereinafter summarized as our “digital offers”). We process personal data collected from the visitors of our digital offers exclusively in compliance with data protection laws. The legal basis of data protection can be found in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz) in its valid form and the German Telemedia Act (Telemediengesetz).
The sections below will inform you about the type and scope of data we collect, the reasons why we collect them, and the way in which they are used and processed. We use these data only for the purposes we specify.
In general, you may use our web pages without providing any additional personal information.
If you would like to use our online products, you will in most cases need a user account (individual access) for which we will collect personal data from you. In addition, in relation to these products, special rules may apply about which you will be informed separately in the respective Terms and Conditions.
III. What do we know about your use of our digital offers?
1. Log Files
By default, our server will store the following user information in a log file whenever our digital offers are used:
- IP address used
- If you have logged in: your user ID
- Operating system used
- Browser used
- Pages visited
- Searches, if applicable
- Date and time of access
- Volume of data sent and received (bytes)
- Address of the web page from which our page was accessed (referrer)
- Email/delivery address, if applicable, on the basis of the relevant legal basis and separate Terms and Conditions or Terms of Use.
We use the log file data exclusively to
- trace our customers’ movements through our digital offers in case of malfunctions in order to identify the malfunction and to
- trace our visitors’ actions if there is specific indication that our digital offers have been used in an illegal manner.
The legal basis for the usage modalities mentioned above is art. 6(1)(f) GDPR. We will not use the user data contained in the log files, in particular the IP address, for any purposes other than those mentioned above.
We will delete the log files and the information contained therein after 90 days at the latest. This does not apply in cases where there is specific indication that our digital offers were used in an illegal manner. In this case the data will be stored until the matter is settled.
2. Cookies
Cookies are text files that we store on your computer over a defined period of time. We use cookies in our digital offers for various purposes that are described below.
2.1 Cookies required for technical reasons (session cookies)
These cookies are indispensable for our services to function properly. They enable us to create “sessions” during which you can perform actions built upon one another. These cookies are automatically deleted at the end of a session (by closing the tab or the browser used to access our digital offer).
2.2 Cookies storing settings and preferences (convenience cookies)
As an option, we also use cookies to store your settings, e.g., your preferred language. A pop-up message will notify you that we are using cookies before such cookies are stored in our digital offer. Only if you consent to convenience cookies being used, we will store the related information via cookies on your computer. Usually, the lifetime of such cookies ranges from some months to more than one year.
3. Sharing content through social networks
We do not use any mechanisms that automatically transmit data to providers of social networks when our digital offers are visited. Some of our digital offers allow for the sharing of pages through social networks. To be able to share a page, you have to activate the social network’s button by mouse click first. Only upon your activating the button will the provider of the social network learn that you are using our digital offer. You have to carry out this process for each individual page of our digital offer you would like to share.
4. Using FIZ Karlsruhe’s online products and tools
4.1 Online products
In general, you will need a user account and/or an agreement to use our online products. Depending on the product, you can either register directly online or have the account created by our customer service.
If necessary, we will provide separate Terms and Conditions or Terms of Use for our online products with further information. The regulations contained therein and the purposes for which we are using the personal data that are mentioned in these Terms and Conditions or Terms of use have the following legal basis:
- If you have concluded a contract with us in order to use our digital offers, the personal data required to perform this contract are processed according to Art. 6, section 1 lit. b GDPR.
- Beyond performing our contractual obligations we will process your data if this is necessary in order to safeguard a legitimate interest of our own or of third parties. The legal basis is Art. 6, section 1 lit. f GDPR.
- If we request your consent to the processing of personal data, this consent will be the legal basis according to Art. 6, section 1 lit. a GDPR.
- We may be bound by law to process your personal data, for example, to fulfil tax obligations. In this case the data are processed according to Art. 6, section 1 lit. GDPR.
- If the data need to be processed to fulfil legitimate interests, the processing is based on Art. 6, section. 1 lit f GDPR.
- The personal data are stored for the duration of the contract or as long as there is another legal basis for it, and for the mandatory retention periods.
4.2 Online tools for collaboration in projects
In order to use our online tools for collaboration in projects, you usually need to have a user account that our administration will set up for you at your request. We process your data in order to protect legitimate interests of us or third parties. Art. 6(1)(f) GDPR forms the legal basis for this. In this respect, the legitimate interests for the processing of personal data are to enable and organize efficient cooperation between distributed project teams. Personal data is stored for the duration of the contractual relationship or for as long as another legal basis exists and within existing retention periods.
4.3 Videoconference systems
We use videoconference systems to collaborate with our partners and their staff or within the scope of workshops and training.
The videoconference systems are technically made available by the providers. For each videoconference system we use we have either provided an additional data privacy policy or we refer to the regulations of the respective provider. From these additional documents arise the responsibilities for data processing and they explain the nature, scope of the data processed and any additions to the legal basis.
To the extent that personal data of FIZ Karlsruhe staff are processed, Art. 26 BDSG and Art. 6 para. 1 lit. f) GDPR are the legal basis for the data processing. In these cases, our interest is to efficiently perform the online meetings. For all other data subjects, the legal basis for data processing when performing online meetings is Art. 6 (1) lit. b) GDPR, if the meetings are conducted in the context of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest lies in the effective performance of online meetings.
- Additional data privacy regulations for the videoconference system “Zoom“
- Additional data privacy regulations for the videoconference system “Avaya Spaces“
- Additional data privacy regulations for the videoconference system “Cisco Webex Meetings“
- Regulations of the technical provider of the videoconference system “DFNconf“
5. Receiving additional information
When using our website, you may also request further information or support in using our digital offers, i.e., if you
- provide feedback online
- participate in a promotional offer or product test
- request an e-mail notification
- subscribe to a newsletter
- subscribe to a mailing list
In this case we will ask for the necessary personal data and a separate declaration of consent, if required. You consent will then constitute the legal basis according to art. 6, section 1 lit. a GDPR.
Receiving information from us is not mandatory. If we have obtained your consent, your personal data will only be used for the purposes covered by this consent.
Revocation of consent
You have the right to revoke your consent to the use of personal data connected with the aforementioned services at any time. Please note that you will no longer be able to use the services in question after you have revoked your consent.
6. Personal Metadata
In some of our digital offers we are processing metadata from scientific publications (including publications of data). Metadata describe a publication in order to identify it and to make it easily retrievable. These metadata also contain personal information that was either published by the respective persons themselves or that we have taken from publicly available sources:
- Names of the authors or the persons who generated the data
- Persistent, unambiguous person identifiers (e.g., ORCID, VIAF, GND-ID, WikiData-ID)
- Information about which institution the persons belong to
- Hyperlinks to authors’ academic websites
- These personal metadata are usually processed together with other, non-personal descriptive metadata (e.g., the title of the publication, abstract, copyright holder). The purposes for which the data are processed and published include
- Supporting the scientific discourse,
- Searching for and providing publications,
- Acknowledging and correctly attributing scientific achievements,
- Archiving global research knowledge, and
- Persistently providing the descriptive metadata as a set of research data.
All metadata are permanently stored within the scope of providing our services.
The legal basis for processing and publishing these data is GDPR art. 6(1)(f).
The descriptive metadata are processed for research and storage purposes and are required in order to fulfil the specific purposes mentioned above. Therefore, the persons concerned may only object on grounds of their particular situation and if the interests, basic rights and fundamental freedoms of the persons concerned prevail over the legitimate interest mentioned above.
We are always interested in correcting faulty metadata and completing incomplete sets of metadata, if necessary. Therefore, we are very grateful for any hint on missing data and errors to be corrected. Just contact us at one of the addresses listed in section VI.6.
IV. Disclosure of personal data
1. Personal data that were already published by you or by a third party
Depending on the digital offer, we make the descriptive metadata of scientific publications available to the public through websites or as complete download in various machine-readable data formats.
2. Personal data that were not yet published
Your personal data will not be sold or in any other way disclosed to any third parties for marketing or other business purposes without your consent. Please note that other websites that can be accessed through our digital offers may request personal data from you. This data protection policy does not apply to any third-party sites.
Personal data will only be disclosed to public authorities if this is required by law, in particular in order to protect the national or public security, or for the purpose of criminal prosecution.
FIZ Karlsruhe reserves the right to use your data to assert or to defend legal claims.
V. Data security
FIZ Karlsruhe’s digital offers have appropriate security measures in place to prevent the loss, misuse, and unauthorized alteration of your personal data. These include
- end-to-end encryption of data transmitted between you end device and our web pages,
- protection of our computer systems by modern firewall systems,
- regular security updates,
- regular backups, and
- login and access control.
We strive to best protect your personal data in compliance with the relevant data protection laws. However, FIZ Karlsruhe cannot absolutely ensure the security of the data you transmit to us. Therefore, that transfer of data is at your own risk.
In your own interest, please be careful and responsible whenever you are online and protect your personal information against unauthorized third-party access.
VI. Your Rights
1. Right of access by the data subject (Art. 15 GDPR)
Upon request, FIZ Karlsruhe will inform you in writing or by e-mail if your personal data are stored with us and which forms of your personal data are stored with us. If you find factual inaccuracies in your personal data previously transmitted to FIZ Karlsruhe, please contact us by e-mail or at the address below and indicate the required changes or corrections.
2. Right to rectification (Art. 16 GDPR)
Should you detect errors in your personal data stored by us, or if your personal data have changed, you have the right to have these data corrected or updated.
3. Right to erasure (Art. 17 GDPR)
You have the right to have your personal data we have stored blocked or deleted, provided that this does not conflict with any of the reasons listed in art. 17 sect. 3 lit. a-e GDPR.
4. Right to restriction of processing (Art. 18 GDPR)
You have the right to restrict the processing of your personal data stored with us under the conditions outlined in art. 18, sect. 1 GDPR.
5. Right to data portability (Art. 20 GDPR)
You also have the right to receive your personal data that you have provided to us in a structured, common, machine-readable format.
6. Right to object (Art. 21 GDPR)
You also have the right to object at any time to the processing of your personal data on the basis of art. 6 sect. 1 lit. e or f GDPR on grounds relating to your particular situation.
To exercise your rights please contact us informally by mail or e-mail at one of the addresses listed below and describe your concern as precisely as possible. If necessary, we will ask you for further information in order to be able to examine your request.
FIZ Karlsruhe – Leibniz-Institut für Informationsinfrastruktur GmbH
Kundenservice
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
Germany
helpdesk [at] fiz-karlsruhe.de (helpdesk[at]fiz-karlsruhe[dot]de)
Address of our Data Protection Officer:
FIZ Karlsruhe – Leibniz-Institut für Informationsinfrastruktur GmbH
Datenschutzbeauftragter
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
Germany
datenschutzbeauftragter [at] fiz-karlsruhe.de (datenschutzbeauftragter[at]fiz-karlsruhe[dot]de)
You also have the right to lodge a complaint with the competent supervisory authority.
VII. Questions
If you have any further questions relating to our data protection policy, to our digital offers or to the relevant modalities of their access and use, please send an e-mail to our customer service department: helpdesk [at] fiz-karlsruhe.de (helpdesk[at]fiz-karlsruhe[dot]de)
Date: February 07, 2024