Skip to main navigation Skip to main content Skip to page footer
Helmholtz Centre for Environmental Research - UFZ logo Helmholtz Centre for Environmental Research - UFZ logo

Data Privacy Statement of the Helmholtz Centre for Environmental Research GmbH - UFZ

 

This data privacy statement applies to our websites and our online presence on social media (YouTube, X (formerly Twitter), Instagram, LinkedIn, Mastodon and SciLogs).

(as of 06/2024)

 

I. Contact details of the data controller

II. Contact details of the Data Protection Officer

III. General information on data processing

IV. Provision of the website and creation of log files

V. Use of cookies

VI. Web analytics through Matomo

VII. Rights of data subjects

I. Contact details of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the

Helmholtz-Zentrum für Umweltforschung GmbH – UFZ
Permoserstraße 15
04318 Leipzig
Germany
Phone: +49 341 6025 1269
Email: info@ufz.de
Website: www.ufz.de

II. Contact details of the Data Protection Officer

The Data Protection Officer
Permoserstraße 15
04318 Leipzig
Germany
Phone: +49 341 6025 1227
Email: datenschutz@ufz.de
Website: www.ufz.de

III. General information on data processing

1. Scope of processing of personal data
We only process the personal data of our users insofar as this is necessary to provide a functional website and to provide our content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.  

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR will serve as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the UFZ or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR will serve as the legal basis for the processing.

3. Data deletion and storage period
The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of the data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing device in a local log file. 

The following data is collected if it is transmitted by the user's system:

  • the website from which users access our website,
  • the content of the request (specific subsite),
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transferred, file not found),
  • the description of the type of web browser used and the version used,
  • the user's Internet service provider,
  • the pseudonymised IP address of the requesting device.

Before storage, each data record is anonymised by changing the IP address. The data is not stored together with other personal data of the user.

2. Legal basis for the data processing 
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. 

3. Purpose of the data processing 
Temporary storage of the IP address is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context. 

These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is collected to provide the website, it is deleted when the respective session has ended. If the data is stored in log files, it is stored for a maximum of 31 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Possibility of objection and removal 
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing
We use technically necessary and temporary cookies on our website. We do not use persistent cookies or Flash cookies.

Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's device. When users access a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information
  • Earlier visit to prevent new pop-up adverts
  • Session information for web services.

Cookies are stored on the user's device and transmitted from there to our website. Users therefore also have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing the settings in their Internet browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of our website to their full extent.

2. Legal basis for data processing 
The legal basis for the data processing is Article 6(1)(f) GDPR and § 25 para. 2 no. 2 Telecommunications-Telemedia Data Protection Act (TTDSG). 

3. Purpose of data processing
The purpose of using technically necessary cookies is to enable basic functions of this website and to simplify the use of our website for users. 

These purposes also constitute our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR. 

The user data collected by technically necessary cookies are not used to create user profiles.

4. Duration of storage
The cookies are deleted after the browser is closed.

VI. Web analytics through Matomo

1. Description and scope of data processing
We use the open source software tool Matomo on our website to analyse the surfing behaviour of our users. The software places a cookie on the user's device. 

If individual subsites of our website are accessed, the following data is stored:

  • two bytes of the IP address of the user's calling system,
  • the website accessed and the time of access,
  • the website from which the user accessed the website (referrer),
  • the subsites that are accessed from the website accessed,
  • the time spent on the website,
  • the frequency of visits to the website
  • which browser with which plugins, which operating system and which screen resolution is used.

The software runs exclusively on the servers of our website. The data is only stored there. The data is not passed on to third parties. 

The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the truncated IP address to the accessing device, so that you as the user remain anonymous. This data is not stored together with other personal data of the user. 

2. Legal basis for the data 
The legal basis for the processing of users' personal data is Article 6(1)(a) GDPR.

3. Purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. 

4. Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes. The deletion takes place after 6 months. 

5. Possibility of objection and removal
Users have the following options:

a) Activate the "Do-Not-Track" setting in the browser 
As long as this setting is active, no user data is saved. Important: The do-not-track instruction generally only applies to the one device and browser in which the setting has been activated. If several devices/browsers are used, the "Do-Not-Track" setting must be activated separately everywhere.
 

b) Use of the opt-out function 
Data collection is stopped or reactivated by clicking the tick in the following checkbox. As long as the checkbox is deactivated, no user data will be saved. Important: To opt out, we must store an opt-out-cookie in the user's browser. If this is deleted or a different device/browser is used, the opt-out-cookie must be activated again.

Further information on the privacy settings of the Matomo software can be found at: https://matomo.org/docs/privacy/.

VII. Rights of data subjects

The data subjects whose personal data are processed in the context of the above-mentioned services have the following rights, unless statutory exceptions apply in individual cases:

1. Right to information, Article 15 GDPR
The right to information gives the data subjects comprehensive access to the data concerning them and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in § 34 BDSG apply.

2. Right to rectification, Article 16 GDPR
The right to rectification includes the possibility for the data subjects to have incorrect personal data concerning them corrected.

3. Right to erasure, Article 17 GDPR
The right to erasure includes the possibility for the data subjects to have personal data erased by the controller. However, this is only possible if this data is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in § 35 BDSG apply.

4. Right to restriction of processing, Article 18 GDPR
The right to restriction of processing includes the possibility for the data subjects to temporarily prevent further processing of their personal data. A restriction occurs in particular when other rights of the data subjects are being examined.

5. Right to notification, Article 19 GDPR
If the data subjects have asserted the right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The data subjects have the right to be informed about these recipients.

6. Right to data portability, Article 20 GDPR
The right to data portability includes the possibility for the data subjects to receive the personal data concerning them from the controller in a commonly used, machine-readable format so that they can be forwarded to another controller if necessary. According to Article 20(3) sentence 2 GDPR, however, this right is not available if the data processing serves the fulfilment of public tasks.

7. Right to object, Article 21 GDPR
The data subjects have the right to object to the future processing of personal data concerning them, provided that this data is processed in accordance with Art. 6(1)(e) or (f) GDPR. 

8. Right to withdraw the declaration of consent under data protection law, Article 7(3) GDPR
The data subjects have the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority, Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, the data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating them infringes the GDPR. The supervisory authority responsible for the UFZ is

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153, 53117 Bonn, Germany
Phone: +49 (0)228-997799-0
Email: poststelle@bfdi.bund.de