Privacy Policy

 

In this privacy policy, we inform you about the processing of your personal data in connection with the use of our website. Personal data refers to information which relates to an identified or identifiable person. This includes, in particular, information which makes it possible to draw conclusions about your identity, such as, for example, your name, telephone number or e-mail address. However, certain identifiers, such as your IP address or the device ID of the end device you are using, also constitute personal data. The details of our practices and your rights in that regard are explored in greater detail throughout this privacy policy.

 

  1. Data controller and point of contact

Since the research network KonKoop is headed by the

Centre for East European and International Studies (ZOiS) gGmbH
Mohrenstraße 60
10117 Berlin

Telephone: +49 (30) 2005949-23
E-mail: datenschutz(at)zois-berlin(dot)de

– hereinafter referred to as: ‘ZOiS’, ‘we’ or ‘us’ –

the ZOiS is the point of contact and so-called data controller with responsibility for processing your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR).

For all queries regarding data protection in connection with our activities or the use of our website, please contact our data protection officer at any time. The data protection officer can be contacted at the above postal address and at the e-mail address given above (please write ‘FAO data protection officer’). We would like to point out that enquiries sent to this e-mail address will not be read solely by our data protection officer. Therefore, if you wish to exchange confidential information, please contact the officer directly via this email address in the first instance.

 

  1. Data processing on our website

2.1. Visiting our website/connection data

Every time you use our website, we collect the data which your browser automatically transmits in order to enable you to visit our website. This connection data comprises the so-called HTTP header information, including the user agent, and include in particular:

The IP address of the software/browser that is making the request to the website;

  • Methods (e.g. GET, POST), date and time of request;
  • The address of the requested website and path of the requested file;
  • If applicable, the previously accessed website/file (HTTP referrer);
    Information about the browser used and the operating system;
  • A version of the HTTP protocol, the HTTP status code, the size of the delivered file;
  • Request information such as language, type of content, encoding of content and character sets;
  • Cookies from the accessed domain which are stored on the end device.

This connection data must be processed to enable the website visit, to guarantee the permanent functionality and security of our systems, and to facilitate the general administrative maintenance of our website. For the purposes described above, the connection data is also stored – temporarily and limited to the most necessary content – in internal log files. This allows us to find the cause of and take action against repeated or criminal attempts to access our website that endanger its stability and security.

The legal basis for this data processing is Article 6(1)(b) GDPR, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Article 6(1)(f) GDPR due to our legitimate interest in enabling access to the website and ensuring the permanent functionality and security of our systems. However, the automatic transmission of the connection data and the log files developed on that basis do not amount to accessing information in the end device within the meaning of the national laws developed by EU member states for the purpose of transposing the ePrivacy Directive (in Germany, Section 25 TTDSG).

The log files are generally stored in abbreviated form with no direct personal reference for seven days. We only retain such data for as long as it is necessary for the stated purpose.

 

2.2. Making contact

You can contact us by e-mail and by telephone. In this context, we only process your data for the purpose of communicating with you.

The legal basis for this processing is Article 6(1)(b) GDPR, insofar as your details are required to answer your question or to initiate or execute a contract, and otherwise Article 6(1)(f) GDPR due to our legitimate interest in enabling you to contact us and responding to your query.

The data we collect when you contact us will be automatically deleted after we have fully processed your enquiry unless we still need your enquiry to fulfil contractual or legal obligations (see section 7 ‘Storage period’).

 

  1. Use of tools on the website

3.1. Technologies used

This website uses various services and applications (referred to collectively as ‘tools’), which are provided either by us or by third parties. This includes, in particular, tools that use technologies to store or access information in the end device:

  • Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiry date. Session cookies (e.g. PHPSESSID) are deleted after the session.
  • Web storage (local storage/session storage): information stored on the end device, consisting in particular of a name and a value. Information in the session storage is deleted after the session, while information in the local storage has no expiry date and generally continues to be stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with time entry). Information in the local and session storage can also be removed manually.
  • JavaScript: programming codes (scripts) embedded in or accessed from the website which, for example, set cookies and web storage or actively collect information from the end device or about the usage behaviour of the visitor. JavaScript can be used for ‘active fingerprinting’ and usage profiling. JavaScript can be blocked by a setting in the browser, although most services will then no longer function.

With the help of these technologies and also through the mere establishment of a connection on a page, so-called ‘fingerprints’ can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints due to connection establishment cannot be completely prevented manually.

Most browsers are set by default to accept cookies, run scripts and display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or block scripts and graphics. If you completely reject cookies and block graphics and scripts, our services will probably not work or not work properly.

In what follows, we list the tools we use by category, informing you in particular about the providers of the tools, the storage period foreseen for the cookies or information in local storage and session storage, and the transfer of data to third parties. We also explain the cases in which we obtain your voluntary consent to use the tools and how you can revoke it.

 

3.2. Legal basis

We use tools necessary for the operation of our website on the basis of our legitimate interest in ensuring the basic functions of our website pursuant to Article 6(1)(f) GDPR. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Article 6(1)(b) GDPR. Access to and the storage of information in the end device is absolutely necessary in these cases and takes place on the basis of the national laws developed by EU member states for the purpose of transposing the ePrivacy Directive (in Germany, Section 25 paragraph 2 TTDSG).

 

3.3. Necessary own tools

We use our own necessary tools to access or store information on the end device, in particular

  • To register that you have already been shown information placed on our website – so that this is not shown again on your next visit to the website.
  • To enable the basic functions of our website (‘necessary tools’).

Without these tools we could not provide our service. Therefore, necessary tools are used without obtaining your consent, we just inform about it when accessing our website.

We use necessary tools for the operation of our website on the basis of our legitimate interest in ensuring the basic functions of our website pursuant to Article 6(1)(f) GDPR. In those cases where the provision of the respective website functions is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, data processing is carried out in accordance with Article 6(1)(b) GDPR. Access to and the storage of information in the end device is absolutely necessary in these cases and takes place on the basis of the national laws developed by EU member states for the purpose of transposing the ePrivacy Directive (in Germany, Section 25 paragraph 2 TTDSG).

 

  1. Transfer of data

In principle, data collected by us is passed on only if, in the specific case, a legal basis for doing so exists in data protection law, in particular if:

you have given your explicit consent to the transfer in accordance with Article 6(1)(a) GDPR,

  • the forwarding of the data in accordance with Article 6(1)(f) GDPR is necessary for the establishment, exercise or defense of legal claims and there are no grounds to assume that you have an overriding interest, which requires protection, in preventing the onward transmission of your data,
  • we have a statutory obligation to pass on the data in accordance with Article 6(1)(c) GDPR; this applies particularly if, on the grounds of requests from public authorities, judicial decisions, or legal proceedings, this is necessary for the pursuit or enforcement of justice,
  • this is authorized by law and, in accordance with Article 6(1)(b) GDPR, is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

Some of the data processing may be undertaken by our service providers. Our website is hosted in a data center owned by the Netcup GmbH, Daimlerstr. 25, D-76185 Karlsruhe. The location of the data center is Nürnberg, Germany. If we pass on data to our service providers, they must use the data solely for the performance of their tasks. We have carefully chosen and commissioned the service providers. They are contractually bound by our instructions, have put in place appropriate technical and organizational measures for the protection of the rights of the data subjects and are regularly checked by us.

 

  1. Storage duration

In principle, we only store personal data for as long as is necessary for the fulfilment of the purposes for which we collected the data. After this, we delete the data without undue delay unless we still require the data until the expiry of the statutory limitation period for purposes of proof for civil law claims or due to statutory periods of safekeeping, or if, in the specific case at hand, another legal basis exists in data protection law justifying the continued processing of your data.

We are obliged to store contractual data, in particular, for purposes of proof for three years after the end of the year in which the business relationship with you ends. Any claims lapse at this point in time, at the earliest, following the usual statutory limitation period.

Even after this time, we are required to store some of your data for accounting reasons. We have an obligation to do so due to statutory duties of documentation, which may arise, for example, from the Commercial Code or the German Fiscal Code. The time-limits prescribed therein for the safekeeping of documents are between two and ten years.

 

  1. Your rights, particularly revocation and objection

As the data subject, you may, at any time, assert the following rights, as provided for in Article 7(3), Articles 15–21 and Article 77 GDPR, provided that the relevant legal requirements are met:

Right to withdraw your consent (Article 7(3) GDPR);

  • Right to object to the processing of your personal data (Article 21 GDPR);
  • Right to information about the processing of your personal data by us (Article 15 GDPR);
  • Right to rectification of inaccurate personal data concerning you and stored by us (Article 16 GDPR);
  • Right to erasure of your personal data (Article 17 GDPR);
  • Right to restriction of processing of your personal data (Article 18 GDPR);
  • Right to portability of your personal data (Article 20 GDPR);
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

In order to assert your rights described here, you may, at any time, make use of the contact details provided above. The same applies if you wish to receive copies of guarantees proving an adequate level of data protection. Provided that the relevant legal requirements are met, we will comply with your data protection request.

Your requests to assert your data protection rights and our replies will be held in safekeeping for a period of up to three years for documentation purposes and occasionally, in individual cases, for longer periods for the establishment, exercise or defence of legal claims. The legal basis is Article 6(1)(f) GDPR for the purposes of our interest in mounting a defense against any civil law claims (Article 82 GDPR), avoiding administrative fines (Article 83 GDPR) and fulfilling our duty of accountability (Article 5(2) GDPR).

 You have the right to revoke consent already granted in relation to us at any time. This has the consequence that we will no longer continue the data processing based on this consent for the future. Revocation of the consent does not affect the lawfulness of the processing which took place in the past on the basis of the consent until the time of revocation.

 Insofar as we process your data for the purposes of our legitimate interests, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. Where personal data are processed for direct marketing purposes, you have a general right of objection which we will also respect even without a statement of reasons.

 If you wish to assert your right of revocation or objection, simply notify us using the contact details provided.

You also have the right to lodge a complaint with a supervisory authority responsible for data protection. You may, for example, exercise this right by lodging a complaint with a supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement. In Berlin, where ZOiS is based, the supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information: Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin.

 

  1. Changes to this Privacy Policy

We occasionally update this Privacy Policy, for example if we make changes to our website or if the relevant statutory or administrative provisions have been amended.

 

July 2023