Data Protection Declaration
Name and contact information of the institution responsible for data processing and of the data protection officer
This information concerning data protection applies to the processing of data by:
Leibniz Institute for Jewish History and Culture – Simon Dubnow
Goldschmidtstraße 28, 04103 Leipzig
Phone: +49 341 21735-50, Fax: +49 341 21735-55, Email: info(at)dubnow.de
Chairperson and Director of the Dubnow Institute
Prof. Dr. Yfaat Weiss
The data protection officer of the Leibniz Institute for Jewish History and Culture – Simon Dubnow can be contacted under the address listed above c/o Ms Scheffer or by email at datenschutz(at)dubnow.de
Acquisition and storage of personal data as well as forms and purposes of data usage
When visiting the website:
When visiting our website www.dubnow.de, the browser used on your device automatically sends information to our website server. This information is stored temporarily in a so-called logfile. The following information is gathered without any action on your part and is stored until the next automatic deletion:
• IP address of the inquiring computer;
• date and time of access;
• name and URL of the accessed file;
• website from which the connection was made (referrer URL), and
• browser used and potentially the operating system of your computer as well as the name of your access provider.
This information is used on our part for the following purposes:
• guarantee of a seamless connection to our website;
• guarantee of a comfortable use of our website;
• assessment of system security and stability, and
• other administrative purposes.
The legal basis for our data processing is Art. 6 Abs. 1 S. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for the acquisition of data outlined above. Under no circumstances do we use the acquired data to make inferences related to your person.
Disclosure of data
No disclosure of your personal data to third parties will occur other than for the following purposes. We only disclose your personal data to third parties in cases where:
• you expressly agreed to the disclosure of your data according to Art. 6 Abs. 1 S. 1 lit. a DSGVO;
• a disclosure according to Art. 6 Abs. 1 S. 1 lit. f DSGVO is necessary for the enforcement, exercise, or defense of legal claims and there is no reason to assume that you have a prevailing interest in the nondisclosure of your data that is worthy of protection;
• in cases when a legal obligation of disclosure arises according to Art. 6 Abs. 1 S. 1 lit. c DSGVO;
• a disclosure is legally permissible and necessary for the implementation of contractual agreements with you according to Art. 6 Abs. 1 S. 1 lit. b DSGVO.
Transmission to third-party countries
Insofar as we process data in a third-party country (meaning outside of the European Union [EU] or the European Economic Area [EEA]) or that this occurs in the framework of the use of the services of third parties or in the disclosure or transfer of data to third parties, this only occurs in cases that serve the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. In accordance with legal or contractual stipulations, we only allow data to be processed in a third-party country when the special conditions of Art. 44 ff. DSGVO are fulfilled. This means that processing occurs for example on the basis of special guarantees such as the officially recognized ascertainment of a level of data protection meeting the standards of the EU (e.g. in the USA through the »Privacy Shield«) or through compliance with officially recognized special contractual obligations (so-called standard contractual clauses).
Performance of our services according to our statutes and business
We process the data of our members, supporters, interested parties, and other persons according to Art. 6 Abs. 1 lit. b. DSGVO, insofar as we are offering you contractual services or are active in the context of existing business relationships, for example in relation to members, or when we are ourselves the recipients of services and contributions. We moreover process data of persons according to Art. 6 Abs. 1 lit. f. DSGVO on the basis of our legitimate interests, for example in relation to our administrative tasks or public outreach. The data processed in these cases and the manner, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. This includes basic inventory and reference data of persons (e.g. name, address, etc.) as well as contact details (e.g. email address, phone number, etc.), contractual data (e.g. services used, content and information shared, or names of contacts), and payment details in cases where we offer fee-based services or products (e.g. bank details, payment history, etc.). We delete data that is no longer necessary for the fulfillment of our purposes according to our statutes and business. This is determined according to the respective tasks and contractual relationship. In the case of business processing, we keep data as long as necessary for the completion of the business and as long as any guarantees or liabilities remain relevant. Otherwise, the legal responsibilities concerning data storage apply.
Administration, financial accounting, office management, and contact administration
We process data in the framework of the administrative duties and organization of our company, of financial accounting, and of the fulfillment of legal responsibilities, for example archiving. We here process the same data as we do in the rendering of our contractual services. The basis for this processing is Art. 6 Abs. 1 lit. c. DSGVO, Art. 6 Abs. 1 lit. f. DSGVO. The concerned parties include clients, interested persons, business partners, and website visitors. Our purpose and interest in processing concerns administration, financial accounting, office management, and the archiving of data, in other words tasks that serve the maintenance of our business activities, the perception of our activities, and the rendering of our services. The deletion of data relating to contractual services and contractual communication corresponds to the tasks cited in relation to these processing activities. In this context, we disclose or transfer data to the financial administration, financial consultants such as tax consultants or auditors, as well as further financial offices and payment service providers. We moreover store data relating to suppliers, event organizers, and other business partners on the basis of our business interests, for example for the purpose of taking up contact at a later date. We generally store such predominantly company-related data permanently.
The data processed by us is either deleted according to the provisions of Art. 17 und 18 DSGVO or its processing is limited. Unless explicitly stated otherwise in this data protections statement, the data stored by us is deleted as soon as it is no longer required for its original purpose and there are no legal storage requirements barring its deletion. Insofar as data is not deleted because it is necessary for other legally permissible purposes, its processing is limited. This means that this data is locked and not used for other purposes. This concerns for example data that needs to be stored for reasons relating to business or tax law. According to German legal provisions, data storage occurs for 6 years according to § 257 Abs. 1 HGB (account books, inventories, opening balance sheets, annual financial statements, business letters, booking receipts, etc.) and for 10 years according to § 147 Abs. 1 AO (books, records, management reports, booking receipts, business letters, documents relevant to taxation, etc.).
Online presence in social media
We maintain an online presence within social media and platforms in order to communicate with the clients, interested persons, and users active in these domains and to inform them within these domains about our services. The viewing of the respective network or platform is subject to the terms and conditions and data processing guidelines of the respective provider. Where nothing further is stipulated in the framework of our data protection statements, we process user data insofar as these users communicate with us within these social networks and platforms, for example writing contributions to our online presence or sending us messages.
Use of Facebook social plugins
On the basis of our legitimate interests (meaning our interest in the analysis, optimization, and economic operation of our online services according to Art. 6 Abs. 1 lit. f. DSGVO), we use social plugins (»plugins«) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (»Facebook«). These plugins may represent interaction elements or contents (e.g. videos, graphics, or text contributions) and can be recognized by the Facebook logo (a white »f« on a blue tile, terms such as »like«, or a »thumbs up« symbol) or through the tagline »Facebook Social Plugin«. The list of Facebook social plugins and how they look can be viewed under https://developers.facebook.com/docs/plugins Facebook is certified under the Privacy Shield Agreement and thereby guarantees that it accords to European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active When a user makes use of a function of our online services containing such a plugin, the user’s device establishes a direct connection to the Facebook servers. The content of the plugin is relayed directly to the user’s device by Facebook and the user is connected to the online service by Facebook. From the data processed thereby, user profiles can be created for the users. We therefore have no influence on the scope of data that Facebook collects with the aid of this plugin and the user is therefore only informed according to our level of knowledge. Through connecting to the plugin, Facebook receives the information that a user has accessed a particular page of the online service. If the user is logged in to Facebook, Facebook can connect the visit to the respective Facebook account. When users interact with plugins, for example using the like button or writing a comment, this information is transmitted directly from their device to Facebook and is saved there. If the user is not a member of Facebook, it is still possible for Facebook to acquire and store their IP address. According to Facebook, only anonymized IP addresses are stored in Germany. The purpose and scope of data acquisition and the further processing and use of data by Facebook as well as the appertaining rights and settings options relating to the protection of the user’s privacy can be viewed under the data protection stipulations of Facebook under https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active If the user is a member of Facebook and does not wish Facebook to collect their data via this online service and to connect it with the user data stored by Facebook, the user needs to log out of Facebook before accessing our online services and to delete their cookies. Further settings and objections to the use of data for marketing purposes are available within the Facebook profile settings under https://www.facebook.com/settings?tab=ads
You have the right:
• according to Art. 15 DSGVO to demand information about the personal data relating to you that we have processed. In particular, you can demand information about the purposes of processing, the category of personal data, the categories of recipients with whom your data has been shared by us, the planned duration of storage of your data, the applicability of your right to amend, delete, or limit or object to processing of your data, the applicability of your right to complain, the origins of your data in cases where they did not originate with us, as well as the applicability of an automated decision-making process including profiling and any pertinent information in the particularities entailed therein;
• according to Art. 16 DSGVO to demand the immediate correction or completion of your personal data stored by us;
• according to Art. 17 DSGVO to demand the deletion of your personal data stored by us, insofar as the processing of this data is not required for the exercise of freedom of expression and information, for the fulfillment of legal obligations, for reasons of public interest, or for the enforcement, exercise, or defense of legal claims;
• according to Art. 18 DSGVO to demand the limitation of processing of your personal data, insofar as the accuracy of the data is uncontested by you, the processing is unlawful, but you reject its deletion, and we no longer require the data, but you need it for the enforcement, exercise, or defense of legal claims or you have objected to its processing according to Art. 21 DSGVO;
• according to Art. 20 DSGVO to demand the reception of your personal data stored by us in a structured, standard, and machine-readable format or to demand its transmission to another responsible person;
• according to Art. 7 Abs. 3 DSGVO to recall your prior consent at any time, meaning that we may no longer continue the data processing that we conducted on the basis of your prior consent, and
• according to Art. 77 DSGVO to complain to a regulating authority. You can usually turn to the regulating authority of your place of residence in this regard.
Right of revocation
You have the right to revoke your prior consent for the future according to Art. 7 Abs. 3 DSGVO.
Right of objection
Insofar as your personal data is processed on the basis of legitimate interests according to Art. 6 Abs. 1 S. 1 lit. f DSGVO, you have the right according to Art. 21 DSGVO to object to the processing of your personal data if there are reasons arising from your particular circumstances or if the objection is against direct advertising. In the latter case, you have a general right of objection that will be acted on by us without further reference to your particular circumstances. If you wish to invoke your right to revocation or objection, you can simply send an email to info(at)dubnow.de.
We employ technical and organizational security measures suited to us in order to protect your data from accidental or deliberate manipulation, partial or total loss, destruction, or unlawful access by third parties. Our security measures are continually improved in accordance with technological developments.
Validity of and changes to this data protection statement
Through the further development of our website and the services we offer thereby or on the basis of changed legal or official stipulations, it may become necessary to change this data protection declaration. This data protection declaration is valid as of May 2018.