Data protection statement for DDB users

If you use the online services of the Deutsche Digitale Bibliothek (DDB), your data will be processed. The Stiftung Preußischer Kulturbesitz (SPK), represented by the President and located on Von-der-Heydt-Straße 16-18, 10785 Berlin, Germany, +49 (0)30 266 412889, info [at] hv.spk-berlin.de, is responsible for data processing. 

1. Data Protection Officer

You can find the contact details for the SPK’s Data Protection Officer(s) here: Data Protection Officer, Von-der-Heydt-Straße 16-18, 10785 Berlin, Germany, phone: +49 (0)30 266 411414, email: datenschutzbeautragte [at] hv.spk-berlin.de

2. Your rights 

With regards to your data, you have the following rights vis-à-vis SPK: 

- Right of access (Article 15 GDPR),
- Right to rectification (Article 16 GDPR),
- Right to erasure (Article 17 GDPR),
- Right to restriction of data processing (Article 18 GDPR),
- Right to information (Article 19 GDPR),
- Right to data portability (Article 20 GDPR),
- Right to object to data processing (Article 21 GDPR). 
 
You can assert your rights in an informal manner, and also verbally. If you need to get in contact, please send your request in the post, addressed to the DDB, c/o SPK, Von-der-Heydt-Straße 16-18, 10785 Berlin, Germany, or contact us by phone: +49 (0)30 266 411432, or via email: geschaeftsstelle [at] deutsche-digitale-bibliothek.de 

3. Withdrawal of your consent 

If you have given us permission to process your data, you can withdraw it at any time in the future (Article 7 GDPR). 

4. Lodging a complaint with a data protection supervisory authority

You have the right to complain to a data protection supervisory authority about the processing of your data (Article 77 GDPR). 

5. Visiting the DDB website  

5.1 Log files 

When you visit our website, the web browser of your device (e.g. computer, smartphone, tablet) communicates with our web server before the requested web page can be displayed. All requests that our web server receives from the web browser of your device are automatically recorded in a log file.

A log file contains the following data:

- Internet Protocol address (IP address) of your device,
- Date and time of when you accessed the page,
- Name of the files or web pages you accessed,
- Content you accessed,
- Volume of data transmitted, in bytes,
- Operating system, browser type, browser language, and version of browser software on your device,
- Internet page from which you accessed our site. 

The data is stored in our computer system. 

(1) Purposes of data processing

We use the data to ensure the security of the network and information. 

(2) Legal basis

We process the data on the basis of Art. 6 para. 1 p. 1 lit. e GDPR. 

(3) Planned duration of storage

We delete the data after seven days. 

(4) No objection

You cannot object to the processing of data using log files. 

5.2 Cookies 

When you first visit our website, your device's web browser stores cookies provided by our web server with information on the storage medium of your device. When you return to our website, your device's web browser delivers the cookies with your search query to our web server.  

(1) Purposes of data processing

The cookies are used to provide you with our online service (session cookies), to make our online services more user-friendly (cookies settings) or to recognise you when you next visit our site and to evaluate your user behaviour (your search terms, frequency of your visit to our web pages and your length of stay on our web pages) anonymously (tracking cookies). 

(2) Legal basis 

We use the cookies on the basis of Art. 6 para. 1 p. 1 lit. e GDPR. 

(3) Planned duration of storage

Session cookies are only stored for the duration of your visit to our web pages and automatically deleted when you log out or close your device's web browser. We delete the cookies settings after one year at the latest and the tracking cookies after seven days. Whenever you visit our website, the storage periods of the setting and tracking cookies are refreshed. 

(4) Disabling or restricting cookies 

You can use the security settings in your device's browser to control whether cookies are stored on your device's hard drive. It is possible to set your default settings to never accept any cookies (or only accept when asked), or that cookies are deleted every time you close your web browser. Please note that if you deactivate or restrict cookies, you may no longer be able to use all the functions of our website to their full extent. You can delete cookies that have already been saved at any time. 

(5) Objection

If you do not want us to evaluate your user behaviour anonymously (tracking cookie), you can inform us of this. Please note that you must object to the anonymous evaluation of your user behaviour for each device that you use to access our website. In the event of your objection, we will store a cookie containing this information on the storage medium of your device for ten years and will not evaluate your user behaviour during this time. The tracking cookie is stored again on the storage medium of your device when you visit our website after the expiration of this ten year period. You can then contact us again if you still do not want us to anonymously evaluate your user behaviour. 

5.3 Web Analysis  

We use the web analytics application Matomo so that we can statistically evaluate your visits to our web pages anonymously. When you visit our website, Matomo collects the following data: 

- Internet Protocol address (IP address) of your device,
- Date and time of when you accessed our site,
- Name of the files or web pages you have accessed,
- Content you accessed,
- Volume of data transmitted in bytes,
- Operating system, browser type, language of the browser and version of the browser software,
- Internet page from which you accessed our site,
    
We store the data in the database of our computer system. We store your IP address in abbreviated form. It is therefore no longer possible to assign the data to your device. Matomo also uses a tracking cookie. 

(1) Purposes of data processing

We use the data to evaluate your user behaviour anonymously. Since we do not store your IP address completely, you remain anonymous. 

(2) Legal basis 

We use Matomo on the basis of Art. 6 Para. 1 P. 1 Lit. e GDPR. 

(3) Planned duration of storage

The anonymous data will not be deleted. 

5.4 Use of Social Media Plugins 

We use social media plugins from Facebook, Twitter and Google+ to make it easier for you to share our online services. Through the social plugins you communicate directly with Facebook, Twitter and Google+. 

(1) Sharing data with social networking sites 

When you visit our website, no data is passed on to social networking sites. Only when you activate the social plugins via the opt-in option do the social networks receive the information that you have visited our websites. You should assume that the social networks will collect your data, store it as user profiles and use it for advertising, market research and to make their websites user-friendly. The data collection by the social networking sites takes place regardless of whether you have a user account there and are logged in with them. If you are logged in to the social networking sites, the data will be assigned to your user account at the respective social network. 

(2) Planned duration of storage

We cannot influence the data processing operations carried out by the social networking sites. We do not determine which data is processed by social networking sites for which purposes and within which storage periods. 

(3) Cookies 

Social networking sites typically store cookies on your device. We cannot influence the content, type and function of cookies. 

(4) Objection

If you want to make sure that the social networking sites do not collect your data, then you must check that the social media plugins are not activated. The same applies if you no longer want to use the social media plugins.

5.5 Social media channels

We operate social media channels to communicate with interested users and inform them about the latest news from the DDB. 

(1) Facebook fan page 

The DDB Facebook fan page is operated by Facebook Inc. (1 Hacker Way (9,134.11 km) Menlo Park, CA 94025, United States). Details on the handling of user data can be found here. It is currently not clear whether Facebook meets the requirements for the level of protection of personal data required in the European Union. With this in mind, there are risks to data protection associated with the use of the Facebook fan page. Your data will be collected without DDB gaining knowledge of it or having any influence over it. The following data can be collected by Facebook:

- Information, communications, and content you provide (e.g. account registration, content creation and sharing, messaging, metadata, Facebook features (e.g. camera filters),
- Networks and connections (e.g. persons, pages, accounts, hashtags, groups, products with which the user is affiliated, contact information uploaded by you),
- Your user behaviour (e.g. content that the user views or interacts with, actions, time, duration, and frequency of activities),
- information and activities provided by other users (e.g. analysis of content, communications and information about the user to other persons),
- Device information (e.g. device properties, actions on the device, identifiers, device signals, data from device settings, network and connections, cookie data).

(2) Vimeo

The DDB Vimeo Channel is operated by Vimeo Inc. (Vimeo, Inc. 555 West 18th Street, New York, NY 10011, United States). Details on the handling of user data can be found here. Your data will be collected without DDB gaining knowledge of it or having any influence over it. The following data may be collected by Vimeo:

- Profile information,
- Content (e.g. video, text, image, metadata, communication, interaction with other users)
- Technical data (e.g. IP address, device information, search history, cookie data),
- Third party information: Transaction data, data from analysis tools. 

(3) Twitter 

When you visit our web pages, no Twitter cookies with information are stored on the storage medium of your device. Details on the handling of user data can be found here

6. User account 

If you set up a user account, you can register with us. After your registration, you can use our personalised portal and apply for an authentication key for the use of API. 

6.1 Account setup 

When the account is being created, we save:

- Your username,
- Your password,
- Your email address,
- Your IP address,
- Date and time of setup and confirmation. 

6.2 Identification via third-party providers 

You can also use your existing account with one of the third-party providers, such as Facebook, Google+ and Yahoo to sign in to the DDB. When you register using your login details for a third party provider, the provider will also process your data, although we do not know the details. 

6.3 Purposes of data processing 

We use the data to ensure your personalised use of our online portal and APIs, as well as to verify your registration and to clarify any misuse of the data, if necessary.

6.4 Consent 

If you set up your user account, your consent to the processing of your data will be obtained here

6.5 Legal basis 

We process the data on the basis of Art. 6 para. 1 p. 1 lit. a GDPR.   

6.6. Planned duration of storage

We will delete your IP address after seven days. The remaining data will be stored until you withdraw your consent. 

6.7 Withdrawal of your consent

You can withdraw your consent at any time here

7. DDBpro (the portal for Deutsche Digitale Bibliothek data partners) 

Our (future) cooperation partners must create a user account on our online portal for data partners (DDBpro) via an employee(s). 

7.1 User Account 

As an employee, you create a user account for your institution here. For the creation of the account, we ask for: 

- Your first and last name,
- Your job title,
- Your password,
- Your work email address,
- Your work phone number,
- Name and address of your institution. 

We store the data at the time the account is set up. In addition, we store your IP address as well as the date and time when the account was set up and confirmed. 

7.2 Consent

If you create a user account for your institution, your consent to data processing will be obtained here

7.3 Purposes of data processing 

We use the data to present your institution on our website. 

7.4 Legal basis 

We process the data on the basis of Art. 6 para. 1 p. 1 lit. a GDPR.   

7.5 Planned duration of storage

We will delete your IP address after seven days. We store the remaining data until you have effectively withdrawn your consent. If your institution informs us in advance that you are no longer responsible for operating the user account, the data will be deleted immediately.   

7.6 Withdrawal of your consent

You can withdraw your consent at any time here

8. DDBstudio

Before you can use our "DDBstudio" service as a trustee, we will create a user account for you.

For the creation of the account, we ask for:

- Your first and last name,
- Your work email address,
- Your function [Administrator or Trustee],
- Name and address of your institution.

8.1 Purposes of data processing

We use the data in order to safeguard the use of our service "DDBstudio" as well as to verify your registration and to be able to clarify any misuse of the data, if necessary. 

8.2 Legal basis

We process the data on the basis of Art. 6 para. 1 p. 1 lit. b GDPR.   

8.3 Storage duration

We store the data for as long as the exhibition is published on our online portal. If you inform us beforehand that you are no longer responsible for the exhibition, the data will be deleted immediately. 

9. DDB Newsletter

9.1 Consent

You can subscribe to the DDB Newsletter here free of charge. If you subscribe to the newsletter, we will obtain your consent for the processing of data. In order for the newsletter to be sent, you must provide your email address. If you have confirmed your subscription to the newsletter, we will store your email address, your IP address and the date and time of your subscription and confirmation. 

9.2 Purposes of data processing 

We use your email address to send you our newsletter. We save the date and time of your registration and confirmation in order to be able to verify your registration and to clarify any misuse of your data, if necessary. 

9.3 Legal basis

We process the data on the basis of Art. 6 para. 1 lit. a GDPR.

9.4 Planned duration of storage 

The data is stored so long as you are still subscribed to the newsletter. 

9.5 Withdrawal of your consent 

You can withdraw your consent to receive the newsletter here. You can declare your withdrawal by entering your email address and clicking on "Unsubscribe".

10. Further questions

If you have any questions about our privacy policy, please email us at geschaeftsstelle [at] deutsche-digitale-bibliothek.de.

Please note that, in accordance with Art. 6 para. 1 p. 1 lit. e GDPR, we will store all data provided by you by email until we have conclusively answered your enquiry.