Data Protection Policy
Leibniz Centre for Contemporary History (ZZF): Data Protection Policy for all Online Offerings operated by the ZZF
Name and contact details of the operator (postal address and e-mail address)
The controller responsible for the processing of personal data pursuant to Article 4 of the General Data Protection Regulation (GDPR) and Section 46 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) is:
Leibniz-Zentrum für Zeithistorische Forschung Potsdam e.V.
Am Neuen Markt 1, D-14467 Potsdam
Phone: +49 331 28991-57
E-mail: sekretariat [at] zzf-potsdam.de
Board of Directors:
Prof. Dr. Frank Bösch
Prof. Dr. Martin Sabrow
Adherence to the applicable data protection provisions is monitored by the institute’s Data Protection Officer, namely:
Dr. Ralf Ahrens
Leibniz-Zentrum für Zeithistorische Forschung Potsdam e.V.
Am Neuen Markt 1, D-14467 Potsdam
E-mail: datenschutz [at] zzf-potsdam.de
The ZZF processes personal data in compliance with the European GDPR, the BDSG and the national data protection provisions applicable to the Centre for Contemporary History Potsdam as the technical operator. The purpose of this data protection policy is to inform the general public of the nature, scope and purpose of the personal data collected and processed by the ZZF when its online offerings are used. This data protection policy also informs data subjects of their rights.
As the controller, the ZZF has implemented numerous technical and organisational measures to ensure the best possible protection of personal data processed through this website. However, the electronic transmission of data can, in principle, have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us through alternative (analogue) means, for example by telephone.
The terms “personal data”, “data subject”, “processing”, “restriction of processing”, “profiling”, “pseudonymisation”, “controller”, “processor”, “recipient”, “third party” and “consent” used in this data protection policy are based on the definitions provided in Chapter 1 Art. 4 of the GDPR.
Purpose(s) and procedures for data processing
The ZZF endeavours to operate all its online offerings in such a way that they can be used without providing personal data. If the provision of personal data is required for the use of specific information services, then explicit consent is obtained.
However, for the purposes of the technical operation of its portals, its own reporting system and its accountability to public donors, the ZZF is required to store personal data to a certain extent and for certain purposes. Yet in accordance with its charter, the ZZF does not pursue any commercial goals and does not use personal data for commercial purposes or marketing. The individual data-processing procedures used are explained below.
Data subjects can prevent the ZZF website from storing cookies in their web browser at any time by checking the corresponding setting in their web browser and thus permanently opt out of the storage of cookies. In addition, cookies that are already stored in the web browser can be deleted at any time using a web browser or other software programs. This is possible in all common web browsers. By deactivating the storage of cookies in their web browser, the data subject might not be able to use all of the functions and features offered on this website.
The ZZF website uses the open source web analytics service Matomo. Matomo uses so-called "cookies" (see above). For this purpose, the information generated by the cookie about the use of this website is stored on a dedicated server locally at the ZZF. The IP address is anonymized before it is stored.
The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser.
If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.
Server protocols and log files
Each time a data subject or an automated system visits the ZZF website, the ZZF web servers record a range of general data and information. These general data and information are stored in the server log files. The following can be recorded: (1) browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches the ZZF website (so-called referrer); (4) the web subpages which are visited via an accessing system on the ZZF website; (5) the date and the time of access to the website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system; and (8) other similar data and information which serve to avert dangers in the event of attacks on our information technology systems.
When using these general data and this information, the ZZF does not draw any conclusions about the data subject. Instead, this information is needed (1) to correctly deliver the contents of our website; (2) to ensure the permanent functionality of our information technology systems and the technology of our website; and (3) to make available to law enforcement authorities the information needed for prosecution in the event of a cyber-attack. The data and information are analysed by the ZZF with a view to increasing operational security in order to ensure an optimum level of protection for the personal data processed by us. The data in the server log files are stored separately from all personal data provided by a data subject, are stored only for the above-mentioned purposes, and deleted after seven days.
Registering on the institute’s website
Users can register for various online services on the ZZF website, during which personal data are transferred. It must be noted that these registrations (with the exclusion of newsletter delivery, see below) are exclusively reserved for institute members with the requisite access information. The processing of personal data of ZZF employees is regulated separately and not further detailed here.
The ZZF informs interested persons over the age of 16 about the work of the institute by means of a regular newsletter. Visitors can subscribe to this newsletter via the institute’s website. What types of personal data are transmitted to the controller when the newsletter is ordered is determined by the input mask used for this purpose.
The data subject can only receive the ZZF newsletter if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. This is in accordance with the so-called double opt-in procedure. Data subjects can also permanently unsubscribe from the newsletter via a link in the respective newsletter.
The personal data collected in the course of registering for the newsletter are used exclusively for the mailing of the newsletter. Tracking via so-called tracking pixels does not take place. The personal data collected as part of the newsletter service are not passed on to third parties. The data subject can unsubscribe from the newsletter at any time, the simplest way being by replying by e-mail to the originating address of the newsletter. The consent to the storage of personal data (name, e-mail) provided to the ZZF by the data subject for the newsletter mailing can be withdrawn at any time. All data recorded for the newsletter mailing are deleted immediately upon unsubscribing.
Entry forms for contact with editorial departments and operators
Some of the webpages of the ZZF contain entry forms that facilitate the speedy electronic contact to editorial departments and controllers, something that requires entering an e-mail address and a name. If a data subject contacts the ZZF via e-mail or a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data voluntarily transmitted by a data subject are used solely for processing purposes or for contacting the data subject. These personal data are not passed on to third parties. The transmitted data will be deleted immediately upon request.
Handling of comments and posts
If you leave a post or comment on webpages of the ZZF, we do not store any information about the contributor beyond the data provided in the entry form. We especially do not store any IP addresses. All details are provided on a voluntary basis and editorially reviewed prior to publication. You can demand the deletion of a comment at any time via the contact address provided or the address of the editorial department for the specific website.
Event registrations with eveeno
The ZZF uses the online provider eveeno to manage registrations for individual events. Eveeno operates in compliance with the European Data Protection Regulation (DSGVO). As a matter of principle, the provider does not pass on contact data of organizers and participants to third parties. Participants do not need to register with eveeno to register for an event. eveeno processes all data on behalf of the ZZF in accordance with a contract for commissioned processing (AV contract) pursuant to Art. 28 DSGVO. Further information (in German) can be found at: https://eveeno.com/doc/hilfe-und-faq/datenschutz-bei-eveeno/
Social Media Platforms
We use the following social media or streaming platforms to inform the public about the work of the ZZF and its research findings. Please note the privacy statements and opt-out options linked below.
Facebook ZZF (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
Opt-Out: https://www.facebook.com/settings?tab=ads alternativ http://www.youronlinechoices.com
All these platforms may process personal data outside the EU; in this respect, we refer to the above data protection declarations of the respective providers. The ZZF has no influence whatsoever on the type and scope of the data processed by the aforementioned platforms, on the way in which it is processed and used, or on the transfer of this data to third parties. In this regard, the ZZF has no effective means of control and can therefore only refer to the aforementioned data protection declarations of the providers.
Social media “Recommend” buttons
Some of the webpages of the ZZF use “Like” buttons from social media platforms such as Facebook, Google+ and Twitter. These buttons are implemented on the ZZF webpages in such a way that no data are transmitted to the aforementioned platforms when the page is accessed. The script “Social Share Privacy” (https://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html) is used for this purpose. The “Recommend” button must first be activated by a user. Only thereafter and with an additional click are data transmitted to the respective platform operator. The data protection provisions of the respective social media provider set out the purpose and scope of this data collection and the further processing and use of the data. The ZZF itself does not store any data resulting from the use of social media “Recommend” buttons.
Routine erasure and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Rights of the data subject
Right to confirmation
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by the ZZF.
Right to information
If such processing has taken place, you can request the following information from the controller:
o the purposes of the processing (see above);
o the categories of personal data concerned (see above);
o the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
o where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
o the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
o the right to lodge a complaint with a supervisory authority;
o where the personal data are not collected from the data subject, any available information as to their source;
o the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have the right to request information as to whether the personal data concerning him or her are transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to be informed of the appropriate guarantees relating to the transfer.
If the data subject wishes to exercise the right to information, he or she can contact an employee of the controller for this purpose at any time.
Right to rectification
You have the right to obtain from the controller without undue delay the rectification or completion of inaccurate personal data concerning you. The controller shall make the rectification without undue delay.
Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
o the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
o the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
o the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
o the personal data have been unlawfully processed;
o the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
o the personal data of minors under the age of 16 have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary
o for exercising the right of freedom of expression and information;
o for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
o for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
o for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You have the right to obtain restriction of processing of personal data concerning you where one of the following applies:
o the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
o the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
o the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
o the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Insofar as one of the above-named conditions applies and a data subject wishes to demand the restriction of processing of personal data stored by the ZZF, they can contact the above-named controllers at any time for this purpose.
Right to data portability
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
o the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
o the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to information
If you have exercised your right to have the controller rectify, erase or limit the processing of personal data, they are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction on processing, unless this proves impossible or involves disproportionate effort.
The controller shall inform you about those recipients if you request it.
Right to object
Every data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
In the event of an objection, the ZZF shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to withdraw data protection consent
Every data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she can contact an employee of the controller for this purpose at any time.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.