Data protection declaration for website users
Data Protection Declaration of the Leibniz Institute for Resilience Research (LIR) gGmbH according to the legal requirements of Articles 12, 13, and 14 GDPR
Data protection declaration for website users
(Version 8, 13th April 2023)
We, the Leibniz Institute for Resilience Research (LIR) gGmbH, will inform you below in accordance with Article 13 of the EU General Data Protection Regulation (GDPR), or in accordance with Article 14 GDPR if the data acquisition is not direct.
We are pleased to fulfil this obligation and inform you in detail and transparently about which personal data is or will be processed by us.
The purpose of the following explanations is to describe what kind of data we process, for which purpose and what your rights are (in accordance with Articles 15 to 22 and Article 34 GDPR).
Controller
Responsible person according to GDPR and the respective national data protection laws of the European member states as well as other national regulations, which concern data protection, is:
Leibniz Institute for Resilience Research (LIR) gGmbH
Wallstraße 7
55122 Mainz
Phone: +49 (0)6131 89448-02
E-mail: thorsten.mundi@lir-mainz.de
Contact details of the Data Protection Officer:
E-mail: datenschutzbeauftragte@lir-mainz.de
Phone: +49 (0) 7249 20 899 12
Scope of application and purpose of data processing
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
This data protection declaration applies to the website of the LIR gGmbH, which links to this text. This data protection declaration applies to the internet offer www.lir-mainz.de and the contents offered there. For content from other providers, for instance accessible via links, the terms and data protection policies of their websites apply.
Forwarding to another provider
If links to contents of other websites are used on our website, this is recognizable by an appropriate symbol (box with outward pointing arrow) or a text hint. Use of these offers may be subject to conditions other than those described in this data protection declaration.
Cookies, reach analysis, and tracking
As part of the content management system used to provide this website, so-called "session cookies" are used. These are required to provide certain content in the desired manner. These session cookies are deleted after closing your browser.
When using external content via www.lir-mainz.de, for example, in the case of linking to other sites, third-party cookies may be used by their offer. It is not possible for us to explicitly mention those cookies. The current browsers allow you to set the processing of such cookies, so that you can disable the storage of these cookies or set the type of processing by your browser or delete these cookies.
LIR gGmbH uses a tracking analysis by Matomo (https://matomo.org/) in an anonymous form (i.e. 2 bytes of the IP address are anonymized) – only the country codes are stored. Therefore, this kind of tracking does not fall under GDPR. Raw data from the analysis are deleted after 12 months. We receive a general summary of the number, duration, etc. of all visits to our web subsites, as well as information about the type of device and browser used and from which countries the visitors are coming from.
We will give you the option to opt-out from being analyzed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving usability for you and other users. You can disable anonymous tracking on this page: https://lir-mainz.de/datenschutzerklaerung-fuer-webseitennutzer-innen#matomo
Social plugins
This website does not use mechanisms that automatically provide information to social media service providers when visiting our service (social plugins).
Any redirections to providers of social media services such as Youtube, Facebook etc. are exclusively via link, so that data about your visit of our website (e.g., IP addresses, time stamps, URL) or on existing data on your device (e.g., cookie information) is transferred to the those providers only with a conscious use of the link on our website.
E-mail contact
On the website, contact via the provided e-mail addresses is possible. We are only providing the contact detail and a contact via this website is not possible.
In this case you contact us by e-mail, your transmitted personal data will be processed. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for the processing is:
· For the processing of the data after registration for the newsletter by the user: consent by the user according to Article 6 (1) a GDPR.
· If the e-mail contact aims to conclude a contract, the additional legal basis for the processing is Article 6 (1) b GDPR.
If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or there exists no other legal basis for processing of the data.
Registration forms
The processing of personal data from an input mask (online form, e.g. for event registration/membership for ISyN) serves us to be able to contact you and to register for our events.
The legal basis for the processing is for the processing of the registration data by the user is his consent according to Article 6 (1) lit. a GDPR.
In the case of registration via online forms, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection or there exists no other legal basis for processing of the data.
The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
Online donation with the help of the provider "FundraisingBox"
If you would like to donate online, you can do so using our donation form.
For this we use the services of Wikando GmbH, Schießgrabenstraße 32, 86150 Augsburg (hereinafter referred to as “FundraisingBox”). When you use this option for online donations, various personal data are collected from you, which we process exclusively for the purpose of processing payments, processing the donation and creating a donation receipt. Data that you enter in the donation form will be forwarded to LIR gGmbH via the FundraisingBox server and processed by us. We have concluded a data processing agreement with the company FundraisingBox in accordance with Art. 28 GDPR, whereby the data processing by FundraisingBox is secured and GDPR-compliant.
In order to ensure the legality of the payment process, we need at least the following information from you:
· Title and full name
· E-mail address
· a postal address
The above-mentioned personal data is processed for the purpose of processing donations. The user's e-mail address is required to confirm receipt of the donation request. The address is required for issuing the donation receipt. The data entered are therefore passed on directly to the FundraisingBox and to the technical service providers used by the FundraisingBox to provide the form with an encrypted SSL connection to carry out the donation order. The data will not be passed on to other third parties.
FundraisingBox places cookies on your browser through the form:
Cookie name: AWSALBCORS (and depending on the browser, AWSELB)
Cookie function: Cookie is used to control the load balancer for even load distribution on our servers
Data protection: The cookie does not contain any personal data
Cookie name: box
Cookie function: Saves the ID of the user session. Even users who are not logged in (i.e. donors) automatically have a user session that does not contain any information.
Data protection: The cookie does not contain any personal data
Depending on the payment methods activated, additional cookies can be used by external service providers.
Current information on the security procedures used can be found here: http://www.fundraisingbox.com/datensicherheit/.
Further information on data protection at FundraisingBox can be found here: http://www.fundraisingbox.com/datenschutz/.
Depending on the selected payment method, your data will be forwarded by FundraisingBox to the corresponding financial service provider, namely at
· PayPal payment to PayPal S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg
· Payment by credit card to your respective credit card provider.
If you use the PayPal payment services provided by FundraisingBox, please note the respective data protection declarations of PayPal S.à.r.l. (www.paypal.com/de/webapps/mpp/ua/privacy-full) or the data protection regulations of the respective credit card provider.
Your data will be deleted as soon as we no longer need it for the purposes mentioned. However, due to statutory retention requirements, we are obliged to keep your personal data with information on the amount of the donation, donation frequency and donation purpose/project for ten years. The legal basis for the processing is Art. 6(1) lit. b GDPR.
Service providers
Some of the aforementioned processes or services are executed by carefully selected external service providers. We transfer and receive personal data of only on the basis of a separate data protection agreement for processors (according to Article 28 GDPR). If the seat of a service provider is located outside the European Union, a transfer of data to a third country takes place. With these service providers, the respective data protection agreements for the establishment of an adequate level of data protection are contracted and corresponding guarantees agreed.
Hosting of the website
The website is hosted by the following company using appropriate guaranties (based on a data protection agreement according to Article 28 of the GDPR):
1&1 IONOS SE
Elgendorfer Straße 57
56410 Montabaur
Webdesign und Umsetzung
Consultant: Sechs Dinge
Schneckenburgerstr. 4 | 55131 Mainz
+49 (0) 6131 9203982
Programmierung: Kraenk Visuell GbR
Friedrich-Ebert-Platz 17
64289 Darmstadt
FON +49 6151 606 336
kontakt@kraenk.de
Rights of the data subject
As far as one’s personal data are processed, one is according to the GDPR a so-called data subject. If you are the data subject, you have the following rights listed below. The right to negative information is added if we have not saved anything about you.
Information to be provided were personal data is collected
In addition to providing information on whether any data has been stored about you, you have a general right to information. When we are processing your personal data, you can request the following information:
According to the legal wording according to Article 15 GDPR we will inform you upon request about:
· the purposes for which the personal data is processed
· the categories of personal data that are processed
· the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
· the planned duration of the storage of your personal data
· if specific information is not possible, criteria for determining the duration of storage;
Furthermore, we provide you with information about your rights. These are detailed below. You have a right to rectification (Article 16 GDPR) or a right to erasure (Article 17 GDPR) of your personal data. In addition, you have the right to restriction of processing by the controller (Article 18 GDPR) or a right to object to such processing (Article 21 of the GDPR). You have also the right to complain to a supervisory authority (Article 77 DS-GVO).
We also inform you about all available information on the origin of the data, if the personal data are not directly collected from the data subject (Article 14 GDPR).
We will generally not use profiling and will not use your data for automated decision-making in accordance with Article 22 (1) and (4) GDPR.
You also have the right to know whether your personal information is being transferred to a third country or to an international organization. If this is the case, we will inform you about the appropriate guarantees according to Article 46 GDPR regarding the third-country transfer.
Right to rectification
The right to rectification (Article 16 GDPR) and the new right to completion of data are guaranteed if personal data about you is incorrect or incomplete. The correction will be made immediately, which means without any undue delay by us.
Right to restriction of processing
You have the right to restrict the processing of your personal data (Article 18 GDPR). In this case, your data will only be saved and no longer used. According to the law you can assert this right if:
· you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
· the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of personal data;
· if the controller no longer needs personal data for the purposes of processing, but you need them for asserting, exercising or defending legal claims, or if you have lodged an objection to the processing according to Article 21 (1) GDPR and one has to check whether there are other legitimate reasons data processing.
If the processing of your personal data has been restricted, these data may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of major public interest by the Union or a Member State.
As soon as we would like to continue to process the data again, i.e. the restriction of the processing would be cancelled, you will be informed.
Right to erasure
You have the right to request the erasure of your data (Article 17 GDPR) if one of the following cases applies.
We will delete your personal data without undue delay,
· if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
· if you revoke your consent to the processing in accordance with Article 6 (1) a or Article 9 (2) a GDPR and there is no other legal basis for processing
· if you according to Article 21 (1) GDPR object to the processing and no other justifiable reasons for the processing exist, or you according to Article 21 (2) GDPR object to the processing
· if your personal data have been processed unlawfully
· if the erasure of your personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject to
· if the personal data relating to you have been collected in relation to information society services offered pursuant to Article 8 (1) GDPR
Right to be forgotten
If the controller has made the personal data relating to you public and is in accordance with Article 17 (1) GDPR required to erase them, the controller will, by taking the currently available technology into account as well as the implementation costs, inform all instances that are processing the data about your request to delete any links to such personal data as well as copies and replications.
Exceptions to the right of erasure
The right to delete may be restricted. This is the case if the data is required for the following purposes:
· to exercise the right to freedom of expression and information;
· to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject to, or to carry out a task which is in the public interest or in the exercise of public authority delegated to the controller;
· for reasons of public interest in the field of public health according to Article 9 (2) h and i as well as Article 9 (3) GDPR;
· for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR;
· to assert, exercise or defend legal claims;
Right to notification obligation
If you, as the data subject, exercise the right to rectify, delete or restrict data processing, we as controllers are required to notify each recipient to whom the relevant personal data have been disclosed of the correction or deletion of the data or restriction of processing by the data subject (Article 19 GDPR). However, this does not apply if this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability
You, as the data subject, have the right to request the personal data that you have given to a controller in a structured, standard and machine-readable format (Article 20 GDPR).
Added to this is the right to send this data to a third party of your choice. The controller will not prevent you from transferring the data to the new person responsible, provided that the processing is based on a consent in accordance with Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract according to Article 6 (1) b GDPR the processing is done using automated procedures.
As far as this is technically feasible and the liberties and rights of other persons are not affected by this, you also have the right that your personal data will be transferred directly from the original person responsible to the new person in charge.
However, the right to data portability does not apply in all cases. An example would be if the processing of your personal data is necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.
Right to object
In several situations, you are entitled to a right of objection (Article 21 GDPR) against data processing. You are therefore informed that you have the right to object the processing of your personal data at any time, which was based on Article 6 (1) a and e GDPR or Article 9 (2) a and file your opposition with the controller. In this case, your personal data will no longer be processed, unless the person responsible can prove that there are compelling legitimate reasons that outweigh your interests as a data subject and your rights and freedoms. Likewise, processing may continue if it serves to assert, exercise or defend legal claims.
If the processing of your personal data serves direct marketing purposes you continue to have the right to object at any time to this processing for such advertising.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You may object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes under Article 89 (1) GDPR, unless such processing is necessary to fulfil a task of public interest.
Right to withdraw the data protection consent declaration
You have the right to withdraw your consent at any time without giving reasons. The revocation is valid only for the future. This means that by revoking the declaration of consent, the previous processing, until receipt of the revocation of the consent, is not unlawful.
Automated decision-making on a case-by-case basis, including profiling
You have the right not to be subjected to a decision-making process based solely on automated processing in so far as it has a legal effect or similarly affects you in a substantial way (Article 22 GDPR). This also applies to so-called "profiling".
We generally will not use personal information for profiling or automated decision making.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for you is that of your place of residence. In addition, you are free to assert any other remedies from administrative or civil courts.
The supervisory authority with which you filed your complaint will be pleased to inform you of the current status of the results and to provide you with any legal remedies.
Contact:
Prof. Dr Dieter Kugelmann; Hintere Bleiche 34, 55116 Mainz; phone: +49 (0)6131 208 24 49;
e-mail: poststelle@datenschutz.rlp.de
Changes to the data protection declaration
Online: We reserve the right to update our Data Protection Declaration as required and publish it here. The updated statement will become effective upon publication, subject to applicable legislation. If we have already collected data about you that are affected by the change and/or are subject to a statutory information obligation, we will also inform you about significant changes to this data protection declaration.