Data Protection Declaration
In this Data Protection Declaration, we inform you about the processing of your personal data in connection with the use of our website and within the framework of our research purposes.
Personal data constitutes information which relates to an identified or identifiable person. This in particular includes information which permits a conclusion about your identity as a person, such as for example your name, telephone number or E-Mail address. Personal information does not include statistical data which we, for example, collect from a visit to our website and which cannot be connected to your identity.
You can print out or store this Data Protection Declaration by using the usual functions of your browser.
1. Responsible Data Controller and Contact Data
The responsible data controller as defined in the EU General Data Protection Regulation is:
Zentrum für Osteuropa- und internationale Studien (ZOiS) gGmbH
hereinafter referred to as: “ZOiS”, “we” or “us”.
+49 (30) 2005949-23
2. Data Protection Officer
Please address any questions or wishes connected with the protection of your data by post to the address specified above or by E-Mail to: datenschutz(at)zois-berlin(dot)de
3. Data Processing for Research Purposes
Within the framework of our research, we process numerous personal data. In addition to a name, address and contact details, this also amongst other things includes the contents of social media profiles, statements made in newspaper articles, reports broadcast on television, interviews and documentation as well as statements published on the Internet. We collect the data specified above from public and private media such as radio, television, Internet and social networks such as for example Facebook, and conduct interviews with persons affected.
We process the data specified above in order to fulfil our research instruction, in particular in order to conduct fundamental research relevant to society regarding eastern Europe and the post-soviet area.
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation (to the extent to which it does not involve special categories of personal data), on the basis of our justified interest of conducting research relevant to society regarding eastern Europe and the post-soviet area.
Numerous data processed in the course of our research constitutes special categories of personal data as defined in Art. 9 General Data Protection Regulation. This particularly is sensitive data which is classified as especially worthy of protection. This for example includes:
- information which qualifies the persons affected as members of a particular race, skin colour, ethnic group or minority
- information revealing the political views of the person affected
- information which can indicate the religious or ideological convictions of a person affected
- information which permits conclusions about trade union membership
- information which permits conclusions about sex life or sexual orientation.
The legal basis for the data processing specified above is Art. 9(4) General Data Protection Regulation in conjunction with Section 27(1) Federal Data Protection Act. To the extent to which the data specified above is published, the legal basis for publication is Art. 9(4) General Data Protection Regulation in conjunction with Section 27(4) Federal Data Protection Act.
4. Visiting our Website / Access Data
Upon every use of our website, we collect the data which your browser automatically transmits in order to enable you to visit our website. This in particular includes:
- IP address of the searching user device
- Date and time of the request
- Address of the requesting website and the target website
- Information about the browser used and the operating system of the user device
- Access status/http – status code
The data processing is necessary in order to enable the website visit and to guarantee the permanent functionality and security of our systems. The specified data is also temporarily stored in internal log files for the purposes described above in order to create statistical information about the use of our website in order to further develop our website with regard to the user behaviour of our visitors (e.g. if the proportion of mobile user devices with which the website is visited increases) and to take care of the administration of our website.
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation.
The information stored in the log files does not enable us to draw any direct conclusions about persons – in particular, we only store IP addresses in shortened form. The log files are stored in anonymous form for 30 days and subsequently deleted as long as no security case arises. If a security case is found to have arisen, deletion only takes place once there is no longer a justified interest in further storage.
5. Making Contact
You have the possibility of contacting us by E-Mail and by telephone. In this context, we only process data for the purpose of communicating with you.
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation.
You have the opportunity to order our newsletter in which we regularly inform you about new developments and events.
Our newsletter can be ordered by the so-called double opt-in procedure, i.e. we will only send you newsletters by E-Mail if you click on a link in our notification E-Mail to confirm that you wish to receive our newsletters. If you confirm your wish to receive the newsletter, we store your E-Mail address, the time of registration and the IP address used for registration until you de-register for the newsletters. Such storage solely serves the purpose of being able to send you the newsletters and prove your registration. You can de-register for the newsletters at any time. A corresponding de-registration link is contained in every newsletter. A notification to the contact data specified above or in the newsletter (e.g. by E-Mail or letter) is naturally also sufficient for this.
The legal basis for the data processing specified above is Art. 6(1) a) General Data Protection Regulation.
In our newsletter, we use technologies usual in the market by which the interactions with the newsletter can be measured (e.g. opening the E-Mail, links clicked). We use this data in pseudonym form for general statistical evaluations and for the optimisation and further development of our content and customer communication. This takes place with the aid of small graphic elements which are embedded in the news (so-called pixels). The data is collected only in pseudonym form, i.e. the IDs are not connected with your other personal data, so that direct personal reference is excluded.
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation, on the basis of our justified interest specified above.
If you object to the analysis of use behaviour, you can de-register for the newsletter (see below) or deactivate graphics as a standard setting in your E-Mail programme. You will find further information in the instructions for Microsoft Outlook and Mozilla Thunderbird. We want to use our newsletter to share the most relevant possible content for our customers and better understand what actually interests the reader. Data about the interaction with our newsletters is stored in pseudonym form for 30 days and subsequently made completely anonymous.
7. Job Applications
Under “Job Vacancies” you can call up our current invitations for job applications and apply online. The purpose of the data processing is the selection of applicants for the possible establishment of an employment relationship. We in particular collect the following data for the receipt and processing of your job application on the basis of the information voluntarily provided by you: first name and surname, E-Mail address and application documents (e.g. references, curriculum vitae).
The legal basis for the data processing specified above is Art. 6(1) b) General Data Protection Regulation and Art. 88(1) General Data Protection Regulation in conjunction with Section 26(1) sentence 1 Federal Data Protection Act.
You will find further information in the Data Protection Information for Job Applicants.
8. Cookies and Comparable Technologies
8.1 Use of Our Own Cookies
For some of our services, it is necessary for us to use so-called cookies. A cookie is a small text file which is stored on your device by the browser. Cookies are not used to implement programmes or load viruses on to your computer. The main purpose of our own cookies is instead to provide you with an offer specially tailored to you and thereby to design the use of our service with the greatest possible time efficiency.
We in particular use our own cookies:
- A session cookie for log-in authentification;
- A Matomo opt-out cookie is set if a user confirms the opt-out;
- In order to note that you have been shown information placed on our website – so that this is not shown again upon the next visit to the website.
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation, on the basis of our justified interest. In doing so, we wish to enable more comfortable, individual use of our website for you.
8.2 Analysis Measures
The legal basis for the data processing specified above is Art. 6(1) f) General Data Protection Regulation, on the basis of our justified interest in structure tailored to suit requirements and the continual optimisation of our website.
The data collected can in particular include
- the IP address of the device (which is automatically rendered anonymous)
- the date and time of access
- the identification number of a cookie
- device brand and model of mobile devices
- technical information about the browser and the operating system.
However, the data collected is exclusively stored in pseudonym form, so that no direct conclusions about the persons are possible.
In the following descriptions of the technologies we use, you will in each case find information about the possibilities of objection with regard to our analysis measures by means of so-called opt-out-cookies. Please note that after the deletion of all cookies in your browser or upon later use of another browser and/or profile, an opt-out cookie must once again be set.
We describe the possibilities for objecting to our analysis measures below. Alternatively, you can exercise your right to object by corresponding settings on the websites Truste or Your Online Choices which make available collective opportunities for objection. Both websites offer the opportunity to deactivate all advertising for the listed providers by means of opt-out cookies at once, or alternatively to undertake individual settings for each provider.
In the following section, we would like to explain these technologies and the providers used for this to you in more detail.
Our website uses Matomo (formerly known as Piwik), an open-source analysis platform of InnoCraft Ltd., 150 Willis St, 6011, Wellington, New Zealand. Matomo uses a cookie in order to analyse our website with regard to your user behaviour. The cookie which is stored on your computer when you visit our website stores and also transmits your anonymised IP address. This means that when the data is transferred to our server, the IP address is shortened in such a way that we can no longer identify you as a visitor to our website. The user data transmitted by the cookie to us is only evaluated by us and not passed on to third parties. Evaluation exclusively serves to optimise and further develop our website.
As described above, you can configure your browser in such a way that it automatically deflects cookies or you can prevent the collection of the data generated by the cookie and related to your use of this website (including your IP address) by selecting the following button.
You will find further information about this in the Data Protection Information of Matomo.
9. Social Networks
We operate a fan page on the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”) at our joint responsibility, amongst other things in order to communicate with interested parties and followers, and inform them about our products and services.
In this context, we can receive from Facebook statistics about the use of our fan page (e.g. statements about the number, names, interactions, e.g. likes or comments, as well as summaries of demographic and other information or statistics with the aid of certain parameters about our enterprise and the offer on our fan page, which help us to find out something about the interaction with our website) by Facebook and/or fan page users. You will find further information about the type and scope of these statistics in the Facebook Page Statistics Notes and about the respective responsibilities in the Facebook Pages Insights Supplement.
The legal basis for the data processing specified above is Art. 6(1) b) General Data Protection Regulation and Art. 6 (1) f) General Data Protection Regulation on the basis of our justified interest specified above.
We have no influence on data which is processed in this context by Facebook at its own responsibility in accordance with the Facebook conditions of use. However, we point out that when you visit the fan page, data about your use behaviour on Facebook and the fan page will be transmitted to Facebook. Facebook itself processes the aforementioned information in order to produce more detailed statistics and for its own market research and advertising purposes, on which we have no influence. You will find further information about this in the Data Protection Information of Facebook. In case personal data is transmitted to the USA, Facebook has subjected itself to the EU-US Privacy Shield.
To the extent to which we are in possession of personal data of users in the operation of the fan page, users are entitled to the rights specified in this Data Protection Declaration. If users wish to assert rights against Facebook above and beyond this, the simplest option for users is to approach Facebook directly. Facebook knows both the details about the technical operation of the platform and the data processing connected with this as well as the specific purpose of the data processing, and can upon request implement appropriate measures if users make use of their rights. We are happy to support users in the assertion of their rights to the extent to which this is possible for us, and forward user enquiries to Facebook.
We operate social media on Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA (“Twitter”). If you do not have your own account at Twitter or are not logged in there, no personal data is transferred upon a visit to the provider page through our link. We point out to you that we have no influence on the conditions of use of Twitter and the services offered by Twitter, and only limited influence on its data processing. Please therefore examine carefully which data you notify to us through the social network. We cannot accept any liability for conduct by the operator of the social networks and other users, as well as third parties which may cooperate with Twitter or likewise use their services.
To find out about the purpose and scope of data collection and the further processing and use of the data, as well as your rights in this context and the settings possibilities to protect your privacy, please see the Data Protection Declaration of Twitter. In case personal data is transmitted to the USA, Twitter has subjected itself to the EU-US Privacy Shield.
We have embedded audio content in our website which is stored at Soundcloud and can be played directly from our website. Soundcloud is operated by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin (“Soundcloud”).
When you visit our website, Soundcloud receives the information that you have called up the relevant sub-page of our website. This takes place regardless of whether you are logged in to Soundcloud or not. Soundcloud uses this data for the purpose of advertising, market research and tailor-made structure of its websites. If you call up Soundcloud on our website whilst you are logged in to your Soundcloud, Soundcloud can link this occurrence to your profile. If you do not wish this attribution to take place, it is necessary to log out of Soundcloud before visiting our website.
The legal basis for the data processing specified above is Art. 6(1) sentence 1 f General Data Protection Regulation, on the basis of our justified interest in embedding audio content. You will find further information about this in the Data Protection Information of Soundcloud.
9.4 Social Media Plug-ins
Our website contains links which activate functions of individual social networks. If you do not click on these links, no data will be transferred to the provider. If you click on one of these links; a direct connection will be established between your browser and the social network even without you leaving our website. The server of the respective social network hereby receives the information that you have visited our website with your IP address.
The legal basis for the data processing specified above is Art. 6(1) sentence 1 f General Data Protection Regulation, on the basis of our justified interest that you share our content through social networks and we thereby increase our radius.
We use plug-ins from the following providers:
Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can recognise links on our website which connect you to Facebook by the Facebook logo ("f"). You will find further information about this in the Data Protection Information of Facebook. In case personal data is transmitted to the USA, Facebook has subjected itself to the EU-US Privacy Shield.
LinkedIn Inc., 505 N Mathilda Ave, Sunnyvale, CA 94085, USA (“LinkedIn”). You can recognise links on our website which connect you to LinkedIn by the LinkedIn logo ("in"). You will find further information about this in the Data Protection Declaration of LinkedIn. In case personal data is transmitted to the USA, LinkedIn has subjected itself to the EU-US Privacy Shield.
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can recognise links on our website which connect you to Twitter by the Twitter logo (a bird). You will find further information about this in the Data Protection Declaration of Twitter. In case personal data is transmitted to the USA, Twitter has subjected itself to the EU-US Privacy Shield.
WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025 (“Whatsapp”). You will find further information about this in the Data Protection Declaration of Whatsapp. In case personal data is transmitted to the USA, Whatsapp has subjected itself to the EU-US Privacy Shield.
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“Youtube”) – a group company of Google LLC - and Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can recognise links on our website which connect you with YouTube by the YouTube logo (a "Play" button). You will find further information in the Data Protection Declaration of Google, which also applies for Youtube. In case personal data is transmitted to the USA, Google and the group company YouTube have subjected themselves to the EU-US Privacy Shield.
If you click on such a link whilst you are logged in to such a service, the visit to our website can be attributed to your user account at this service. You can prevent this by logging out of the relevant account before clicking on the relevant link.
10. Recipients of the Data
In principle, data collected by us is only passed on if:
- you have granted your express consent to this pursuant to Art. 6(1) a) General Data Protection Regulation or Art. 9(1) a) General Data Protection Regulation;
- the forwarding of such data pursuant to Art. 6(1) f) General Data Protection Regulation or Art. 9(2) f) General Data Protection Regulation is necessary for the assertion, exercise of or defence against legal claims and there are no grounds for the assumption that you have an overriding interest in preventing the onward transmission of your data which is worthy of protection;
- we have a statutory obligation to pass on the data pursuant to Art. 6(1) c) General Data Protection Regulation;
- this is permitted by statute and is necessary pursuant to Art. 6(1) b) General Data Protection Regulation for the implementation of contractual relationships with you or for the conduct of pre-contractual measures which take place because you so desire;
- the forwarding pursuant to Section 27(1) Federal Data Protection Act is necessary within the framework of our research and our interests in the processing considerably outweigh your interests in preventing processing, or
- publication pursuant to Section 27(4) Federal Data Protection Act is indispensable for the presentation of our research results about events of contemporary history.
Some of the data processing may take place through our service providers. In addition to the service providers specified in this Data Protection Declaration, these service providers can in particular include computer centres which store our website and data banks, IT service providers who service our system, consultancy firms, suppliers, haulage companies and postal service providers. If we pass on data to service providers, they may only use the data exclusively for the performance of their tasks. We have carefully chosen and instructed the service providers. They are contractually bound by our instructions, have put in place suitable technical and organisational measures for the protection of the rights of the persons affected and are regularly checked by us.
In addition, data can be passed on in connection with public authority enquiries, court orders and legal proceedings if this is necessary for pursuing or enforcing the law.
11. Storage Duration
In principle, we only store personal data as long as necessary for the fulfilment of contractual or statutory duties for which we collected the data. After this, we delete the data without undue delay unless we still require the data until the expiry of the statutory period of prescription for purposes of proof for civil law claims or due to statutory periods of safekeeping.
We have an obligation to store contractual data for purposes of proof for three years after the end of the year in which the business relationship with you ends. Any claims become statute-barred at the earliest at this time in accordance with the usual statutory period of prescription.
Even after this time, we must store some of your data for accounting reasons. We have an obligation to do so due to statutory duties of documentation which can result from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act, and the Securities Trading Act. The time-limits prescribed there for the safekeeping of documents are between two and ten years.
12. Your Rights
Under the respective statutory preconditions, you have the following statutory data protection rights:
- Right to information (Art. 15 General Data Protection Regulation, Section 34 Federal Data Protection Act)
- Right to deletion (Art. 17 General Data Protection Regulation, Section 35 Federal Data Protection Act)
- Right to correction (Art. 16 General Data Protection Regulation, Section 34 Federal Data Protection Act)
- Right to restrict processing (Art. 18 General Data Protection Regulation)
- Right to data transferability (Art. 20 General Data Protection Regulation)
The rights specified above can be restricted if they would otherwise mean that the realisation of our research would become impossible or would be seriously impaired, and the restriction is necessary for the conduct of our research. In addition, the right to information also does not exist if the data is necessary for the conduct of our research and the provision of information would require a disproportionate amount of time, effort and/or expenditure.
In order to assert your rights described here, you can approach the responsible data controller stated in the contact data provided under “Responsible Data Controller and Contact Data” at any time. You also have the right to complain to the data protection supervisory authority responsible for us, the Berlin Officer for Data Protection and Freedom of Information: Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin. You can assert this right at a supervisory authority in the member state where you have your usual place of abode, your place of work or the place of the alleged breach.
13. Right of Revocation and Objection
According to Art. 7(3) General Data Protection Regulation, you have the right to revoke consent already granted in relation to us at any time. This has the consequence that we will no longer continue the data processing based on this consent for the future. Revocation of the consent does not affect the legality of the processing which took place in the past on the basis of the consent up until the time of revocation of consent.
To the extent to which we process your data on the basis of justified interests as defined in Art. 6(1) f) General Data Protection Regulation, you have the right to object to the processing of your data pursuant to Art. 21 General Data Protection Regulation to the extent to which there are reasons for this which result from your special situation or to the extent to which the objection addresses direct advertising. In the latter case, you have a general right of objection which we will also respect even without a statement of reasons.
In order to assert your right of revocation or objection, you can send a notification without any form requirements to the responsible data controller stated in the contact data provided under “Responsible Data Controller and Contact Data”.
14. Website Security
We maintain up-to-date technical measures to guarantee data security, in particular to protect your personal data from risks in data transfer and from knowledge of them being gained by third parties. These are in each case adjusted to reflect the latest technological standards. In order to secure the personal data you provide to us on our website, we use transport layer security (TLS), which encodes the information you provide.
15. Changes to the Data Protection Declaration
We occasionally update this Data Protection Declaration, for example if we adjust our website or the statutory provisions change.
© ZOiS – Version 2 / October 2018
Earlier verions of the ZOiS Data Protection Declaration