Privacy Policy

If you use the online services of the Deutsche Digitale Bibliothek, your data will be processed. The following privacy policy explains how this is done.

Privacy policy

Information on joint responsibility

according to Art. 26 para. 2 sentence 2 of the General Data Protection Regulation (GDPR)

 

1. responsible parties

Responsible parties for the data processing of the German Digital Library are

 

  • The Prussian Cultural Heritage Foundation (SPK), represented by the President.

Address: Von-der-Heydt-Straße 16-18, 10785 Berlin,

Tel.: +49 (0)30 266-41 28 89,

e-mail: info [at] hv.spk-berlin.de

hereinafter "SPK" -

 

  • FIZ Karlsruhe - Leibniz Institute for Information Infrastructure, represented by the Managing Director

                Address: Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen, Germany.

Tel: 049 (0)7247 808 0

E-mail: contact [at] fiz-karlsruhe.de

hereinafter "FIZ Karlsruhe" -

 

  • the German National Library, represented by the Director General

        Address: Adickesallee 1, 60322 Frankfurt am Main, Germany

Tel: +49 (0)69 1525-0 

E-mail: postfach [at] dnb.de

hereinafter "DNB" –

(together hereinafter referred to as the "Parties")

If you use the online services of the German Digital Library, your personal data will be processed, too.

 

2. What is the reason for the joint responsibility under data protection law for the operation of the German Digital Library?

SPK, the DNB and FIZ Karlsruhe, as joint operators of the German Digital Library, work closely together. This also applies to the processing of your personal data. As part of their joint responsibility under data protection law, the parties have agreed on which of them fulfils which obligations under the GDPR. They are jointly responsible for the protection of your personal data within the processes described below (Art. 26 GDPR). In doing so, SPK, DNB and FIZ Karlsruhe fulfil their obligations under data protection law with regard to the processes mentioned below as well as with regard to the data subject´s rights under Art. 16 to 22 of the GDPR, while according to the parties' agreement, SPK is also responsible for providing information under Art. 13 and 14 of the GDPR and information under Art. 15 GDPR.

 

3. individual processes

Even though there is joint responsibility, SPK, DNB and FIZ Karlsruhe fulfil the obligations under data protection law in accordance with their respective responsibilities for the individual processes as follows:

 

3.1 Processes under SPK´s responsability within the framework of joint responsibility

3.1.1 Contact list of registered cultural and scientific institutions / data partners

In the contact list of data partners, names and address data of contact persons of the institutions are processed.

  • Purpose of the data processing: The contact list helps to exchange information and administer partner information
  • Legal basis for the processing is Art. 6 (1)(b) GDPR.
  • Storage period: The data is stored and processed for the entire duration of the contractual relationship between the German Digital Library and data partners (cooperation or aggregator agreement).

3.1.2 Social Media  

The German Digital Library on Facebook and Instagram

The German Digital Library has Facebook and Instagram pages, for which it is jointly responsible under data protection law with Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; hereinafter Facebook Ireland) in accordance with Art. 26 GDPR.

Users can comment news, videos and images posted on the pages. They can be equipped with emojis. Users on Facebook can also post so-called visitor posts on our page. The comments, emojis and posts are publicly visible and thus it is also publicly recognisable by whom they were left in each case. Users can also send messages to us, but these are not publicly visible.

Via the so-called Insights, we have the possibility to access certain statistical, anonymised data on user behaviour.

This includes, for example, the total number of page views, "Like" votes, page activities, post interactions, reach, video views and post reach.

Also provided in this way is data on Facebook groups linked to our Facebook page. The Insights data are generated and provided by Facebook through cookies. We can only change the time period for which we want to view the analysis.

In addition, we can define certain settings for the target group of our posts. This effects the statistics, correspondingly. We cannot turn off the Insights function.

Facebook uses the data in particular for advertising (creation of personalised advertising), creation of user profiles and market research purposes. If the visitor to the site has a facebook user account and is logged in with this account when accessing the site, the information provided by the cookies is stored across all devices. Without us being able to influence this, Facebook passes on data to, among others, Facebook Inc., the US parent company of Facebook Ireland. This is certified under the EU-US Privacy Shield and is thus considered to be data protection compliant in the sense of the GDPR.

Details on data processing by Facebook can be found here: https://www.facebook.com/policy.php   

Instagram's privacy policy can be found at https://help.instagram.com/519522125107875

We use the Insights data as well as other visible data to optimise the content displayed on our websites and to interact with the users. For example, we use the information on visiting times to optimise the timing of our posts. Information about the type of terminal devices used helps us to design our posts etc. in such a way that they are optimally displayed on all types of terminal devices. Based on the terms of use that each user has agreed to as part of setting up their profile, we can identify subscribers and fans of the site and view their profiles and other shared information by them.

  • Shared responsibility agreement: Data processing is carried out on the basis of an agreement between the joint controllers pursuant to Article 26 of the GDPR; Facebook Ireland is the primary controller corresponding to the GDPR (Art. 26) in relation to Insights data: https://www.facebook.com/legal/terms/page_controller_addendum
  • Purpose of the data processing: The data processing serves the effective communication with DDB users in the context of their public relations work.
  • Legal basis: The processing of personal data is carried out to protect legitimate interests on the basis of Art. 6 (1) (e) GDPR in conjunction with Section 3 German Federal Data Protection Act (BDSG).
  • Data subject´s rights: You can claim your data subject rights against both us and Facebook Ireland.

Twitter

SPK processes personal data via its Twitter account @ddbkultur (see below under b.), and at the same time data processing is carried out by Twitter.

  • Data processed by Twitter: The German Digital Library uses the technical platform and services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service offered here.
  • The responsible party for the data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Information on what data is processed by Twitter and for what purposes can be found in Twitter's privacy policy. Twitter Inc. has committed itself to the principles of the EU-US Privacy Shield.
  • Data processed by SPK: The data you enter on Twitter, in particular your username and the content published under your account, are processed by us insofar as we retweet or reply to your tweets, if applicable, or also in our tweets referring to your account. The data freely published and disseminated by you on Twitter is thus included in our content and made accessible to our followers.
  • Purpose of the data processing: The processing is carried out for the purposes of public relations.
  • Legal basis: The legal basis for the processing is Art. 6 (1)(e) GDPR in conjunction with § 3 BDSG.

 

3.2 Processes which FIZ Karlsruhe takes responsbility for within the scope of joint responsibility:

3.2.1 User account / registration: Administration of registered customers for the German Digital Library and Archivportal-D.

If you set up a user account, you can register with us. Once you have registered, you can make personalised use of our portal and apply for an authentication key to use the API.

Account setup: We store at the time of account setup:

  • Your username,
  • your first and last name (optional),
  • your password,
  • your email address,
  • your IP address,
  • API key (optional)
  • Date and time of setup and confirmation.

 

  • Purpose of data processing:

The purpose of the processing is the administration of registered users for online authentication and authorisation as well as for the administration of roles and rights. We use the data to guarantee the use of personal functions such as bookmarks, to prove your registration, to clarify possible misuse of the data and, if necessary, to support you in the defence against claims by third parties.

  • Legal basis

The legal basis for the processing is Art. 6 (1) (b) and (f ) GDPR. In the event that a cooperation agreement with the DDB does not yet exist, the legal basis may be consent, Art. 6 para. 1 lit. a DSGVO.

  • Storage period

You can delete your user account online at any time.

  • Objection to the processing of your data

You can object to the processing of your data at any time. To do so, you can delete your user account.

 

3.2.2 Our Newsletter

You can subscribe to the German Digital Library newsletter here,  free of charge. When you subscribe to the newsletter, we obtain your consent to data processing. You must provide your e-mail address for the newsletter to be sent. If you have confirmed your subscription to the newsletter dispatch, we store your e-mail address, your IP address and the date and time of the subscription and confirmation.

  • Purpose of data processing: We use your e-mail address to send you newsletters. We store the date and time of registration and confirmation in order to prove your registration and, if necessary, to clarify any misuse of your data.
  • Legal basis: We process the data on the basis of Article 6(1)(a) DS-GVO (your consent).
  • Storage period: The data is stored for as long as the subscription to the newsletter is active.
  • Withdrawal of your consent: You can withdraw your consent to the sending of the newsletter here. You can declare the withdrawal by entering your e-mail address and clicking on "Unsubscribe".

 

3.2.3 Access to the German Digital Library portal, its subportals or DDBpro

Log files: When you access our web pages, the web browser of your device (e.g. computer, smartphone, tablet), before the web page you requested can be displayed, sends a request to our web server. All requests that our web server receives from your device's web browser are automatically logged in a log file.

A log file contains the following data:

  • Internet protocol address (IP address) of your device,
  • Date and time of your request,
  • Name of the files or web pages you accessed,
  • content of your call,
  • amount of data transferred in bytes,
  • Operating system, browser type, browser language and browser software version of your device,
  • Internet page from which your call comes.

The data is stored in our computer system.

  • Purpose of data processing: We use the data to ensure the secure and error-free operation of the server systems necessary for the German Digital Library.
  • Legal basis: We process the data on the basis of Article 6 (1) sentence 1 (b) and (f) GDPR.
  • Storage period: We delete the data after seven days.
  • No objection: You cannot object to the data processing by log files.

 

3.2.4 Cookies

When you access our websites for the first time, the web browser of your device stores cookies provided by our web server with information on the storage medium of your device. When you access our web pages again, the web browser of your device delivers the cookies with your search query to our web server. 

  • Data processing purposes: The cookies are used to offer you our online service (session cookies), to make the use of our online offers more comfortable for you (settings cookies), to anonymously evaluate your user behaviour (search terms, frequency of calling up our web pages and length of stay on our web pages) and to anonymously recognise you for subsequent visits (tracking cookies).
  • Legal basis: We use the cookies on the basis of Article 6 (1) sentence 1 letter (f) DSGVO.
  • Storage period: Session cookies are only stored for the duration of your visit to our websites and are automatically deleted when you log out or close the web browser of your device. We delete the settings cookies after one year at the latest and the tracking cookies after ten years or at the end of the session if you have not activated the "Save settings" checkbox. Whenever you access our websites, the storage periods of the setting cookies start to run again.
  • Deactivating or restricting cookies: You can use the security settings in your device's browser to control whether cookies are stored on your device's hard drive. You can choose not to accept cookies in the first place, or only accept them on request, or you can choose to delete cookies each time you close your device's web browser. Please note that you may no longer be able to use all the functions of our websites to their full extent if you deactivate or restrict cookies. You can delete cookies that have already been saved at any time.

 

3.2.5 Web analysis

We use the web analysis programme Matomo so that we can statistically evaluate your visits to our website anonymously. When you visit our website, Matomo collects the following data:

  • Anonymised internet protocol address (IP address) of your device,
  • Date and time of your visit,
  • Name of the files or web pages you call up,
  • the content of your visit,
  • Amount of data transferred in bytes,
  • operating system, browser type, browser language and browser software version,
  • Internet page from which your call comes,

 We store this data in the database of our computer system. We store your IP address in shortened and thus anonymised form. It is therefore no longer possible to assign the data to your device. Matomo also uses a tracking cookie.

  • Purposes of data processing: We use the data to evaluate the use of our websites anonymously and, on this basis, to continuously develop our online presence and make it more user-friendly. The evaluation is carried out within the framework of the joint responsibility in the DDB by the DNB and SPK.
  • Legal basis: We use Matomo on the basis of Article 6 paragraph 1 sentence 1 letter f DS-GVO.
  • Storage period: The anonymised data will not be deleted.
  • Withrawal: If you have consented to the anonymised statistical evaluation (by tracking cookie), it is possible to withdraw your consent at any time. You can view and change your cookie settings here. In case of refusal of the evaluation, we store a cookie with this information on the storage medium of your device for ten years and do not evaluate your user behaviour for ten years. The tracking cookie will be stored again on the storage medium of your device if you access our websites after the ten years have expired.

Please note: If you have activated the automatic deletion of cookies in your browser, the deactivation cookie will also be deleted when you exit the programme. In this case, you will have to repeatedly reject the statistical evaluation the next time you call up this website. Even if you use a different computer or a different web browser, you will have to reject the statistical analysis again.

You can find more information on the privacy settings of the Matomo software on the Matomo website.

 

3.2.6 DDBstudio user account

Before you can use our "DDBstudio" service as a curator, we will create a user account for you. For the account creation we ask for:

             - Your first and last name,

             - your work e-mail address,

             - your function (curator),

             - name and address of your institution.

  • Purposes of data processing: We use the data to enable you to use DDBstudio, to prove that you have registered for it, to clarify possible misuse of the data and, if necessary, to support you in defending claims by third parties.
  • Legal basis: We process the data on the basis of Article 6 (1) sentence 1 (b) GDPR.  
  • Storage period: We store the data for as long as we publish the exhibition online. If you inform us beforehand that you are no longer responsible for the exhibition, the data will be deleted immediately.

 

3.3 Processes for which DNB is responsible within the framework of joint responsibility:

3.3.1 Web service for personal standard data ("Entityfacts")

The following data are processed for the entity facts:

  • First name and surname,
  • gender,
  • pseudonyms,
  • life data,
  • origin and place of residence,
  • relationships and affinities,
  • professional activity,
  • public offices,
  • affiliation to organisations,
  • authorships,
  • editorial activity.

 

  • Purpose of the processing: Data processing is carried out with the purpose of creating personal pages on entities of the Common Index File (GND) within the DDB portal.
  • Legal basis: The processing is based on Art. 6 ( 1) sentence 1 (e) GDPR in conjunction with § 3 BDSG.
  • Storage period: The personal data is deleted as soon as it is determined that it is no longer needed for the purpose for which it was collected or as soon as consent is revoked.
  • Objection: You may object to the processing of your personal data pursuant to Art. 21 (1) DSGVO. If necessary, send your objection by e-mail to datenschutzbeauftragter [at] dnb.de (datenschutzbeauftragter[at]dnb[dot]de).

 

3.3.2 German Digital Library Internal Database on Data Partners and Data Sets ("DDB Go")

The following data is processed for DDB Go:

  • User ID,
  • password,
  • e-mail,
  • first and last name (optional),
  • API key.

 

  • Purpose of the data processing: The processing is carried out for online authentication and authorisation as well as for the administration of roles and rights.
  • Legal basis for processing: The processing is based on Art. 6 ( 1) sentence 1 (a) and (b) GDPR.
  • Storage period: The personal data is deleted as soon as it is determined that it is no longer needed for the purpose for which it was collected or as soon as consent is revoked.
  • Revocation: You can revoke your consent to the processing of your personal data at any time with effect for the future. In this case, send the revocation by e-mail to datenschutzbeauftragter [at] dnb.de.

 

3.3.3 DNB Wiki

In the DNB Wiki, following data are stored and processed:

  • employee and project partner master data (user ID, password, first and last name,
  • job title,
  • e-mail,
  • telephone, fax,
  • contact address

 

  • Purpose of data processing: Processing in the DNB Wiki serves internal communication and documentation of project processes.
  • Legal basis for processing: The processing is based on Art. 6 ( 1) sentence 1 ( a) and (b) GDPR, § 26 BDSG.
  • Storage period: The personal data is deleted as soon as it is determined that it is no longer needed for the purpose for which it was collected or as soon as consent is revoked.
  • Withdrawal: You can withdraw your consent to the processing of your personal data at any time with effect for the future, provided that your data is not processed within the scope of your activity as an employee of a contributing institution. In this case, send the withdrawal by e-mail to datenschutzbeauftragter [at] dnb.de.

 

3.3.4 Mailing lists for internal communication

For the mailing lists, the following data are stored processed:

  • staff and project partner master data (first and last name, e-mail)

 

  • Purpose of data processing: The processing for the mailing lists serves internal communication.
  • Legal basis for the processing is Art. 6 ( 1 ) sentence 1 (a) and (b) GDPR, § 26 BDSG.
  • Storage period: The personal data is deleted as soon as it is determined that it is no longer needed for the purpose for which it was collected or as soon as consent is withdrawed.
  • Withdrawal: You can withdraw your consent to the processing of your personal data at any time with effect for the future, provided that your data is not processed within the scope of your activity as an employee of a contributing institution. In this case, send the revocation by e-mail to datenschutzbeauftragter [at] dnb.de (datenschutzbeauftragter[at]dnb[dot]de).

 

3.3.5 Functional email addresses for external communication

For the functional e-mail addresses for external communication. the following data are processed:

  • employee and project partner master data as well as, if applicable, the master data of third party external enquirers (first and last name, e-mail)

 

  • The purpose of the processing is external communication
  • The legal basis for the processing is Art. 6 ( 1) sentence 1 (a) or (b) GDPR.
  • Storage period: The personal data is deleted as soon as it is determined that it is no longer needed for the purpose for which it was collected or as soon as consent is revoked.
  • Withdrawal: You can withdraw your consent to the processing of your personal data at any time with effect for the future. In this case, send the withdrawal by e-mail to atenschutzbeauftragter [at] dnb.de.

 

3.3.6 Registration of cultural and scientific institutions

Our (future) cooperation partners must create a user account via an employee in order to enable cooperation.

For the account creation, we collect the following data from the responsible employee(s) of the data partner:

  • user name,
  • first and last name (optional),
  • password,
  • e-mail
  • log files

We store this data at the time of account creation. In addition, we store your IP address as well as the date and time of account creation and confirmation. The data is stored at FIZ Karlsruhe.

  • Purpose of the data processing: The purpose of the processing is the administration of registered users for online authentication and authorisation as well as for the administration of roles and rights.
  • Legal basis: We process the data on the basis of Article 6 (1) sentence 1 (b) and (f) GDPR.
  • Storage period: We delete your IP address after seven days. We store the remaining data until you delete the user account. Alternatively, you can contact the DDB service point: registrierung [at] deutsche-digitale-bibliothek.de (registrierung[at]deutsche-digitale-bibliothek[dot]de).
  • Objection to the processing of your personal data: You can object to the processing of your personal data at any time by deleting your account or by contacting the DDB service point: registrierung [at] deutsche-digitale-bibliothek.de (registrierung[at]deutsche-digitale-bibliothek[dot]de).

 

§ 4 What does this mean for data subjects?

You have the following rights vis-à-vis any party with regard to your data:

- Right of access (Article 15 DSGVO),

- Right to rectification (Article 16 GDPR),

- Right to erasure (Article 17 GDPR),

- Right to restriction of data processing (Article 18 GDPR),

- Right to information (Article 19 GDPR),

- Right to data portability (Article 20 GDPR),

- Right to object to data processing (Article 21 GDPR).  

You can claim your rights informally, i.e. also verbally. To do so, you can contact any of the parties. The contact persons of the parties responsible for this are:

  • For the SPK: Legal Department of the Prussian Cultural Heritage Foundation, Legal Department, Von-der-Heydt-Str. 16-18, D-10785 Berlin (HV-Justiziariat [at] hv.spk-berlin.de).
  • For FIZ Karlsruhe: Data Protection Officer of FIZ Karlsruhe - Leibniz Institute for Information Infrastructure GmbH, Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen (datenschutzbeauftragter [at] fiz-karlsruhe.de)
  • For DNB: Data Protection Officer, Adickesallee 1, 60322 Frankfurt am Main (datenschutzbeauftragter [at] dnb.de).

The parties have agreed that the SPK is responsible for providing information (Art. 15 GDPR). Accordingly, you can expect to receive the information provided for in Art. 15 from the SPK when asserting a claim for information, irrespective of which party the process is assigned to in accordance with § 2.

 

§ 5 Complaint to a data protection supervisory authority

You have the right to complain to a data protection supervisory authority about the processing of your data (Article 77 GDPR).

 

§ 6 Tabular presentation of responsibilities for the processes:

 

Data processes

Responsibility for the process and data subject rights according to Art. 16 to 21 DSGVO

Responsibility for providing information according to Art. 15 DSGVO

Contact list of registered cultural and scientific institutions / data partners

SPK

SPK

Social Media

SPK

SPK

User account / DDB registration

FIZ Karlsruhe

SPK

Subscription management for newsletters

FIZ Karlsruhe

SPK

Accessing the DDB Internet pages 

FIZ Karlsruhe

SPK

Cookies

FIZ Karlsruhe

SPK

Web analysis

FIZ Karlsruhe

SPK

DDBstudio user account

FIZ Karlsruhe

SPK

Web service for entity facts

DNB

SPK

Internal database of the DDB for data partners and data sets ("DDB Go")

DNB

SPK

DNB Wiki

DNB

SPK

Mailing lists for internal communication

DNB

SPK

Functional e-mail addresses for external communication

DNB

SPK

Registration of cultural and scientific institutions

FIZ Karlsruhe

SPK