Data Protection Information according to Article 13 GDPR
As the party responsible for data processing (controller), we process your personal data collected via our website and store them for the period necessary to achieve the specified purposes and to comply with statutory requirements. In the following, we inform you about the data we collect and the way we process them. Furthermore, we inform you about your data privacy rights pertaining to the use of this website.
Personal data, as defined by Article 4(1) General Data Protection Regulation (GDPR) includes any information relating to an identified or identifiable natural person (data subject). A natural can be identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
Table of contents
- Name and Contact Information of the Controller and of the Data Protection Officer
- Modifications to the Data Protection Information
- Purposes of the Data Processing, Legal Bases, Storage Period
- Transfer of Personal Data to Third Parties
- Web Analysis & Tracking
- Social Plugins
- Your rights as a data subject
- Data security
1. Name and Contact Information of the Controller and of the Data Protection Officer
Controller under Article 4(7) of the EU General Data Protection Regulation (GDPR):
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
Hansastraße 27 c
On behalf of
Fraunhofer-Institut für Angewandte Informationstechnik FIT
Schloss Birlinghoven, Konrad-Adenauer-Straße
53754 Sankt Augustin
(Hereinafter referred to as „Fraunhofer“)
Telephone: +49 89 1205-0
Fax: +49 89 1205-7531
You can reach our Data Protection Officer using our contact details above or per email via firstname.lastname@example.org.
2. Modifications to the Data Protection Information
This data protection information is currently valid and dated as of May 2020.
As we are improving the OPEN ACCESS HUB constantly and based on changes in statutory or government standards, we point out that, from time to time, Fraunhofer may adapt and modify this data protection information. All changes shall be reasonable in consideration to your interests. We will inform you in prior about any changes and the date they go into effect by a notice on our website. If you do not agree to our updated data protection information, you can stop visiting our website and delete your account at any time.
3. Purposes of the Data Processing, Legal Bases, Storage Period
a) During your Website Visit
Every time you visit our website, our website servers store your device’s accessing our website in a protocol file. This storage is temporary and lasts until the automated deletion. Our servers store the following data send by your web browser:
- The IP address of the requesting device
- Access date and time
- Name and URL of the accessed data
- The data volume transmitted
- The message whether the access was successful
- The browser and operating system used
- The name of the Internet Provider (ISP)
- The referring website (referrer URL)
The servers process the foresaid data for the following purposes:
- To enable the use of the website (connection setup)
- To administrate the network infrastructure
- To evaluate appropriate technical and organizational measures and to ensure IT systems and data security, taking into account the state of the art technology
- To ensure comfortable use of the website and to offer user-friendly service
- To optimize the Internet offering
The legal bases for the above processing purposes are:
- Processing according to numbers 1 – 2: Article 6(1) sentence 1 point (b) (requirement for the compliance with and the fulfilment of the provisions of the website user contract),
- Processing pursuant to number 3: Article 6(1) sentence 1 point (c) GDPR (legal obligation to implement technical and organizational measures to ensure secure data processing according to Article 32 GDPR) and Article 6(1) sentence 1 point (f) GDPR (legitimate interests in data processing for the network and information security) as well as
- Processing pursuant to numbers 4 – 5: Article 6(1) sentence 1 point (f) GDPR (legitimate interests) – our legitimate interests in the processing of data are based in our desire to offer user-friendly optimized websites.
- After the specified period of 30 days, our web servers automatically delete the above-mentioned data. To the extent that data is longer processed for purposes according to numbers 2 – 5, we will anonymize or delete the data as soon as their storage no longer serves the respective purposes.
b) User of the OPEN ACCESS HUB
If you are a user of Open Access Hub, special functions such as publishing data, information are available. For users, we store in addition to paragraph 3(a) the
- First name
- E-Mail address
- Any other content and data communicated to us
Uncompleted personal information may limit your ability to engage with other users.
The processing of the foresaid data takes place for the following purposes:
- To offer the functions, e.g. uploading information as well as for authentication and identification of users
- To offer communication services to the users and to inform them
- To prevent from identification fraud and misuse
- To ensure comfortable use of the website and to offer user-friendly services
- To optimize the Internet offering
- To provide updates to SAIRA, information about fundraise for projects, initiatives or programs and events in the context of SAIRA
The legal bases of the above processing are:
- Processing according to numbers 1 – 2: Article 6(1) sentence 1 point (b) (requirement for the compliance with and the fulfilment of the provisions of the website user contract),
- Processing pursuant to number 3: Article 6(1) sentence 1 point (c) GDPR (legal obligation to implement technical and organizational measures to ensure secure data processing according to Article 32 GDPR) and Article 6(1) sentence 1 point (f) GDPR (legitimate interests in data processing for the network and information security) and
- Processing pursuant to numbers 4 – 6: Article 6(1) sentence 1 point (f) GDPR (legitimate interests) – our legitimate interests in the processing of data are based in our desire to offer user-friendly optimized websites and to provide direct marketing information with respect to SAIRA and its community.
- The above-mentioned data will be deleted when you terminate the registered use, i.e. delete your account.
c) Subscriptions to our Newsletter
Insofar as you provided your consent pursuant to Article 6(1) sentence 1 point (a) GDPR, we will use your email address to send you our newsletter on a regular basis. The newsletters contain information on SAIRA and its registered partners.
To receive our newsletter, we ask you to provide us with the following mandatory data:
- Email address
- First name
We need your name and title to address you personally in our newsletter. After you have subscribed to our newsletter, we will email a subscription confirmation to you. You must confirm the receipt of this email to receive our newsletter. This procedure is known as double opt-in procedure. Your email response serves as confirmation that you are in fact the person who subscribed to our newsletter.
You may unsubscribe from our newsletter at any time. You may find an ‘unsubscribe’ link at the end of each of our newsletters. Alternatively, you may also unsubscribe by email.
Upon receiving your unsubscribe notice, we will delete your email address immediately.
d) Use of Contact Forms
We offer you the opportunity to contact us with any kind of question or inquiry by using the contact form available on our website. To enable you to communicate with us via this form, we request the following data:
- Email address
- First name
We need these data to find out who contacted us and to process the user request. We process the data in response to your inquiry. Our purpose is to answer your inquiry in pursuit of our legitimate interests pursuant to Article 6(1) sentence 1 point (f) GDPR. Once we have satisfied the inquiry via contact form, we will automatically delete the personal data collected
4. Transfer of Personal Data to Third Parties
We give your personal data only to third parties (i.e. to natural and legal persons other than you, the data subject), the controller, the service provider, or its vicarious agents if:
- You consented explicitly to the data transfer to a third party pursuant to the first sentence of Article 6(1) sentence 1 point(a) GDPR
- The data transfer is necessary for the performance of the contract with you pursuant to the first sentence of Article 6(1) sentence 1 point(b) GDPR
- Data transfer to the mail order firm which will deliver the goods you ordered
- Payment data transfer to payment service providers and credit institutes for payment transactions
- We are legally obligated to surrender the data to financial or judicial authorities pursuant to the first sentence of Article 6(1) sentence 1 point(c) GDPR
Transferring your data to third parties is required to establish, exercise or defend legal claims, and there is no reason to assume that you as data subject could have an overriding interest worth protecting in the non-transfer of your personal data pursuant to Article 6(1) sentence 1 point (f) GDPR. Such a data transfer to government and/or law enforcement authorities may occur in cases of attacks on our IT systems.
Third parties may use the transferred data only for the above-mentioned purposes.
The transfer of personal data to countries outside the EU or an international organization is excluded. This does not apply to transfers to registered users of SAIRA and users of the Open Access Portal that are typically located worldwide.
Cookies are small files automatically created by your web browser and stored in your device. Cookies contain information pertaining to the specific device, which accessed our website. However, this does not provide us with direct knowledge of your identity. Cookies do not harm your computer, and they do not contain viruses, Trojans or other malware.
We also use temporary cookies to optimize the user-friendliness of our website. Your device stores these cookies temporarily for a specific time. Once you visit our website again, our server will recognize your device as prior visitor and remember your settings and preferences. You will not have to enter these parameters again.
The data obtained with the help of cookies help us pursue our legitimate interests as website owners and serve the legitimate interests of third parties pursuant to the first sentence of Article 6(1) sentence 1 point (f) GDPR.
Most browsers accept cookies automatically. You will be informed on SAIRA’s website about an automatic storage of cookies the first time you connect. However, you are able to configure your browser in such a way that the application does not store cookies on your computer or always shows an alert before storing new cookies. You can change this in your browser settings as described below. The complete deactivation of cookies may prevent you from using all of the functions on our website.
If you do not wish that your usage behavior is recorded and analyses, you may object by means of opt-out cookies. An opt-out cookie is set which prevents future capturing of your data when visiting this website. The opt-out cookie is only applicable to this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you need to reset the opt-out cookie. If you wish to opt-out or opt-in from our cookie service, please follow this link.
The procedures for blocking cookies differ according to your browser:
Click on the “Tools” button, then on “Internet Options”. Under the “General” tab, you find the tab “Browsing history”, click on “Parameters”. Click on the button “Show files”. Click on the column head “Name” to list the files in alphabetical order, then go down the list until you see the files beginning with the prefix “Cookie” (All cookies contain this prefix and typically contain the name of the website, which created the cookie.) Select the cookie or cookies you want to delete and delete them. Close the window containing the files, then click twice on “OK” to return to Internet Explorer.
Go to the “Tools” tab in the browser window and select the “Options” menu. In the window that appears, choose “Privacy” and click on “Show Cookies”. Find the cookies you want to delete. Select and delete them.
In your browser window, choose the “Preferences” menu. Click on “Security”. Click on “Show cookies”. Select the cookies you want to delete and click on “Erase” or on “Erase all”. After having deleted the cookies, click on “Finished”.
Click on the “Tools” icon in the menu. Select “Options”. Click on the “Advanced options” tab and scroll to the “Confidentiality” section. Click on the “Show Cookies” button. Find the files you want to delete. Select and delete them. Click on “Close” to go back to your browser.
6. Web Analysis & Tracking
We use the tracking measures described below pursuant to Article 6, Paragraph 1, Section 1 f) of the GDPR in order to structure and optimize the website to the needs of users. We use the tracking measures to statistically track how the website is used and to analyze and optimize our services for you. This tracking is in our legitimate interests pursuant to the aforementioned regulations.
The category of, and purpose for processing the data, can be inferred from the corresponding tracking tools.
We use Google Analytics, a web analytics services operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“), to structure and optimize the website to the needs of users on an on-going basis. We create pseudonymous user profiles and cookies (see Section 5.) for these purposes.
These cookies create and send information regarding how you use this website to a Google server located in the United States, where the information is stored. The information includes, but is not limited to
- browser type, version,
- operating system,
- referrer URL,
- hostname of the computer requesting the access (IP address),
- time of the server inquiry
We use this information to evaluate how the website is used, to put together reports regarding activities on the website and to provide other related services in conjunction with use of the website and Internet for the purposes of market research and structuring the website to the needs of users. This information is also transferred to third parties if necessary, provided it is legally mandated or insofar as third parties have been commissioned to process this data. Google will not use tour IP address in connection with other Google data. The IP addresses are stored anonymously to prevent identification of the user (IP masking).
You can prevent the collection of data created by cookies, and through the use of the website (including your IP address), as well as prevent the processing of this data by Google, by downloading and installing a browser add-on.
As an alternative to a browser add-on, especially when using browsers in mobile devices, you can prevent the collection of data by Google Analytics by clicking on this link. This will activate an opt-out cookie that prevents your data from being collected when you visit this website in the future. The opt-out cookie is stored on your device and is valid solely for this browser and only for this website. If you delete cookies in this browser, you must re-activate the opt-out cookie.
Further information regarding data privacy as it applies to Google Analytics is available in Google Analytics support online.
Google Adwords Conversion Tracking
We also use Google Conversion Tracking to statistically track how the website is used and to analyze and optimize our services for you. This involves placing a cookie (see Section 5.) from Google AdWords when you click on a Google advertisement on our website.
These cookies expire after 30 days, do not contain any personal data and therefore cannot be used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, we and Google can tell that you clicked on the ad and were directed to that page.
Each Google AdWords customer receives a different cookie, so it is not possible to track cookies via websites of other AdWords customers. The information collected by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Adwords customers can see the total number of users who clicked on their ad and were directed to a page containing a conversion tracking tag. However, they do not receive information that enables them to identify users personally.
For our website, we use the Leadlab service of the service provider Wiredminds GmbH and the company’s pixel counting technology to analyse the habits of our website users. The analysis helps us to optimise our website. The service allows us to recognize which users visit our website, too. The data do not enable us to identify users directly.
Without your explicit consent, neither Wiredminds nor we use the collected data to identify you personally, and your personal data are never matched with data under a pseudonym associated with you.
To the extent that IP addresses are collected, these addresses are stripped of their last control number block upon collection to anonymise the addresses instantly.
You find the data protection statement of Wiredminds on the Wiredminds website. The provider processes the statistical data based on our legitimate interest pursuant to Article 6(1) sentence 1 point (f) GDPR in the optimisation of our online offerings and our web presence. Wiredminds processes the data on our behalf, and we have entered into an order processing agreement with Wiredminds. Wiredminds agrees to process the data on our behalf and in compliance with the GDPR. Wiredminds also agrees to protect the rights of the affected persons.
In case you reject the collection of data and the analysis of your user activities, please use our opt-out cookie to prevent the installation of our cookies. This will prevent the future collection of data when you use our website. The opt-out cookie in your device works only in the browser used for this session and applies only to our website. If you delete the cookies in this browser, you have to install the opt-out cookie again.
7. Social Plugins
We use social plugins (e.g. social media buttons) on our website. Click on them to place the content of our website under your profile in social network sites.
If you click on such a button, a link will be established between our website and the social network to which you subscribe. Aside from the respective content, the social network provider will receive other personal information. This includes the information that you visit our website right now.
For the integration of the social plugin we use the so-called Shariff Solution. This solution prevents your device from creating a link to the social network merely because you visit a website featuring a social plugin button without clicking on it. This means that a link is only established if you click on the social plug-in button.
We integrate the following social plug-ins on our website:
Facebook Sharing of Facebook Ireland Limited
Sometimes, information is transferred to the US domicile of the parent company Facebook Inc., USA. This company complies with the data protection regulations of the ‘EU-US-Privacy-Shield’ and is registered with the EU-US-Privacy-Shield program of the US Department of Commerce.
Purpose and scope of the data collection and further processing and use of the data by Facebook and your user rights in your relationship with Facebook as well as your ability to influence your privacy rights by changing your browser settings are subject to Facebook’s Data Protection Statement.
Please find more information on the data protection on Facebook’s Data Protection Statement.
Please find more information on the data protection on Instagram’s Data Protection Statement.
Sometimes, information is transferred to the US parent company Twitter Inc. The Twitter International Company complies with the data protection regulations of ‘EU-US-Privacy-Shield’. Twitter Inc. is registered with the EU-US-Privacy-Shield program of the US Department of Commerce.
Please find more information on the data protection on Twitter’s Data Protection Statement.
Information is partly transferred to the parent company LinkedIn Corporation, headquartered in the USA. It respects the data protection regulations of the US Privacy Shield and is registered with the US Privacy Shield program of the US Department of Commerce.
For more information on data protection with LinkedIn, please refer to the LinkedIn privacy statement.
8. Your rights as a data subject
You have the following rights:
- Pursuant to Article 7(3) GDPR, you have the right to withdraw at any time any consent you may have given to us before. Consequently, we may no longer continue the respective activity.
- Pursuant to Article 15 GDPR, you have the right to obtain information on your personal data which we have processed. In particular, you have the right to
information on the following:
- Purposes of the data processing
- The category of personal data,
- The categories of recipients to which we disclosed or will disclose your data,
- The planned storage periods of data,
- The existence of the right to correction, deletion, restriction of processing and objection,
- The right to appeal,
- The right to know the origin of your data in the event that we did not collect these data,
- The right to meaningful and detailed information on the existence of automated decision-making including profiling and, if applicable, relevant information on the details thereof;
- Pursuant to Article 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data and/or the completion of incomplete personal data in storage at the Fraunhofer-Gesellschaft,
- Pursuant to Article 17 GDPR, you have the right to the erasure of your personal data unless the erasure interferes with the execution of the right to the free expression of opinions and to information, with the compliance with legal obligations, is necessary in the public interest or for establishing, exercising or defending legal claims,
- Pursuant to Article 18 GDPR, you have the right to restriction of processing of your personal data if you contest or challenge the accuracy of these data, the processing of the data is unlawful but you oppose the erasure of these data and we no longer need the data while you still need the data to establish, exercise or defend legal claims or you have raised an objection against the data processing pursuant to Article 21 GDPR,
- Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to demand the transmit to another controller and
- Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you may find such authority at your habitual residence, your workplace or our company domicile.
Information on your right to object pursuant to Article 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data pursuant to Article 6(1) sentence 1 point (f) GDPR (data processing for the purposes of the legitimate interests) and Article 6(1) sentence 1 point (e) GDPR (data processing for the performance of a task carried out in the public interest). This shall also apply to profiling as prescribed by Article 4 No. 4 GDPR, which is based on this provision.
Once you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defense of legal claims.
To the extent that your objection addresses the processing of data for direct advertising, we will stop the processing immediately. In this case, citing a special situation is not required. This shall also apply to profiling in as far as it relates to such direct advertising.
If you would like to assert your right to object, an email to email@example.com will suffice.
9. Data security
We transmit all your personal data using the widely used and secure TLS (Transport Layer Security) encryption standard. The TLS protocol is a proven and secure standard that is also used in online banking transactions. You will recognize a secure TLS connection by the “s” following the http (https://…) in your browser URL or by the lock symbol in the lower section of your browser.
Moreover, we use suitable technical and organizational safety procedures to protect your data against accidental or willful manipulation, partial or complete loss, destruction or against the unauthorized access by third parties. We constantly improve these security measures as the technology advances.
Should individual provisions of this data protection declaration be or become invalid either in part or in its entirety or prove infeasible at any time, this shall not affect the remaining provisions of this data protection declaration. This shall apply accordingly to gaps in this declaration.
These PRIVACY POLICIES are currently valid and dated as of May, 2020.