As of June 2019
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:""
Institute Heritage Studies
Telefon: 030 3423996
The data protection officer of the responsible person is:
Institute Heritage Studies
Telefon: 030 3423996
1. Extent of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a, EU General Data Protection Regulation (GDPR), serves as legal basis.
The legal basis for the processing to perform our services and implement contractual activities and answering queries is Art. 6 para. 1 lit. b GDPR, the legal basis for the processing to comply with our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for the processing to protect our legitimate interests Art. 6 para. 1 lit. f GDPR. In the event that the vital interests of the data subject or of another individual may require the processing of personal data Art. 6 para. 1 lit. d GDPR serves as legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as legal basis.
3. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as they are no longer required. Storage can be done beyond, if this has been provided by European or national legislation in EU law regulations, laws or regulations, to which the responsible person is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
1. 1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected here:
(1) Browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Referrer URL (the previously visited page)
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
1. 1. Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
1. 1. Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
In these purposes lies our legitimate interest in data processing acc. to Art. 6 para. 1 lit. f GDPR.
1. 1. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after 24 hours at the latest. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
1. 1. Objection and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.
1. 1. Description and scope of data processing
The following data is stored and transmitted in the cookies:
(1) User ID
(2) Language and location settings of the user
1. 1. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
1. 1. Purpose of data processing
We require cookies for the following applications:
(1) Differentiation of users
(2) Adapting to users' language settings
The user data collected through technically necessary cookies will not be used to create user profiles.
1. 1. Duration of storage, objection and disposal options
Regardless of this, all data stored on the user's device will be deleted upon termination of use, eg by closing the browser window or tab.
Description and scope of data processing
When contacted via the e-mail address provided on the website, the user's personal data transmitted by e-mail will be stored.
There is no transfer of personal data to third parties in this context. The data is used exclusively for processing the conversation.
Within our online offer, based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third-party providers to integrate their content and services, such as videos.
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, time of visit, and other information regarding the use of our online offer.
If personal data from you is processed, you are concerned in the sense of the GDPR, and you have the following rights to the person responsible:
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is taking place, you can request information from the person responsible about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
You have a right to rectification and/ or completion to the responsible person if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) if the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you object to the processing in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, the person responsible will inform you before the restriction is lifted.
a) deletion obligations
You can ask the person responsible that the personal data concerning you will be immediately deleted, and the manager is obligated to delete that information immediately, unless one of the following reasons applies:
(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent to the processing acc. to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is a lack of otherwise legal basis for the processing.
(3) You object to the processing acc. to Art. 21 para. 1 GDPR, and there are no prior justifiable reasons for processing, or you object to the processing acc. to Art. 21 para. 2 GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) Your personal data were collected relating to information society services provided in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties
If the responsible person has made the personal data concerning you public and is obligated to their deletion acc. to Art. 17 para. 1 GDPR, he/she takes appropriate measures, including technical means, to inform data controllers who process the personal data, taking into account the technology available and the implementation costs, that you as the data subject have required from him/her the deletion of all links to these personal data or copies or replications of personal data.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. to Art. 89 para. 1 GDPR, insofar as the law referred to in section a) is likely to render impossible or seriously affect the achievement of the objectives of this processing, or
(5) to assert, exercise or defend legal claims.
If you have the right of rectification, erasure or restriction of processing to the controller, he/ she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
You have the right to receive the personal information that you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
(1) the processing is based on a consent acc. to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. to Art. 6 para. 1 lit. b GDPR and
(2) the processing is done using automated procedures.
In exercising this right, you have the right also to obtain that your personal data shall be transmitted directly from one person responsible to another person responsible, to the extent this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data, which are collected based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out through automated procedures that use technical specifications.
You have the right to revoke your declaration of consent according to privacy law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
You have the right not to be subject to a decision based solely on automated processing - including profiling - that will have legal effect on you or seriously affect you in a similar way. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) with your express consent.
However, these decisions may not apply to specific categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his/ her own position and to challenge the decision.
Notwithstanding an otherwise administrative or legal proceeding, you have the right to appeal to an oversight authority, in particular in the Member State of your residence, your place of work or the location of the alleged violation to if you are of the opinion that the processing of personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy acc. to Art. 78 GDPR.