Privacy Policy
The German National Library takes the protection of your personal data very seriously. You have the right to know which data is collected, when it is collected, and how it is processed. We have implemented technical and organisational measures to ensure that data protection regulations are complied with.
Amendments to this privacy policy may become necessary as we develop our website and implement new technologies in order to improve the service we offer you. For this reason, we recommend you reread this privacy policy from time to time.
I. Name and address of data controller
as defined in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other data protection legislation:
German National Library
Federal institution with legal capacity under public law, represented by its Director General
Frank Scholze
Adickesallee 1
60322 Frankfurt am Main
Germany
postfach@dnb.de
Phone +49 69 1525-0
www.dnb.de
II. Contact information of the data protection officer
Adickesallee 1
60322 Frankfurt am Main
Germany
datenschutzbeauftragter@dnb.de
phone +49 69 1525-0
www.dnb.de
III. General information on data processing
1. Scope of personal data processing
In general, we only process personal data collected from our users insofar as this is necessary for the provision of a functional web presence, our content and our services. As a rule, your personal data is only processed after you have given your consent. Exceptions apply in cases where the user’s prior consent cannot be obtained on factual grounds and statutory regulations permit the processing of personal data.
2. Legal basis for the processing of personal data
Art. 6(1) a) GDPR serves as the legal basis when we request your consent to the processing of your personal data.
Art. 6(1) b) GDPR serves as the legal basis when processing personal data for the performance of a contract to which you are a party. The same applies to any processing measures required if steps are to be taken before entering into a contract.
Art. 6(1) e) GDPR serves as the legal basis when the processing of your personal data is necessary for the performance of a task carried out in the public interest; this includes the Law Regarding the German National Library.
Art. 6(1) f) GDPR serves as the legal basis when processing is necessary to safeguard the legitimate interests of the German National Library or a third party, and provided these legitimate interests are not outweighed by your interests and fundamental rights and freedoms.
3. Data erasure and storage period
Your personal data will be erased or blocked as soon as the purpose for which it was stored ceases to apply. Personal data may also be stored if so specified by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. In such instances, personal data is blocked or erased when a storage period specified in any of the above-mentioned legislation expires, except in cases where the data has to be retained for longer in order to conclude or execute a contract.
IV. Provision of web presence and generation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data is collected:
(1) Information about the browser type and version used
(2) The operating system
(3) The internet service provider
(4) The IP address
(5) The date and time at which the website was accessed
(6) Web pages accessed through our website by your system
This data is also stored in our system’s log files. However, it is not stored together with your other personal data.
2. Legal basis for the processing of data
The legal basis for the temporary storage of data and log files is Art. 6(1) f) GDPR.
3. Purpose of data processing
Temporary storage of your IP address by the system is necessary in order to facilitate website transmission to your computer. Your IP address therefore has to be stored for the duration of the session.
This data is stored in log files in order to safeguard the functionality of the web presence. We also use the data to optimise our web presence and safeguard the security of our information technology systems. Data collected in this context is not evaluated for marketing purposes.
The purposes specified above also constitute our legitimate interest in processing your data pursuant to Art. 6 (1) f) GDPR.
4. Storage period
Your data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. Data collected in order to provide access to a website is erased when the respective session ends.
Data stored in log files is erased after no more than 14 days. However, data can be stored for longer periods. In such cases, your IP address will be erased or masked so that it can no longer be associated with the accessing client.
5. Right to object and right to erasure
The collection of data for web presence provision and the storage of data in log files are absolutely essential to the operation of the website. There is therefore no way in which you can object to this.
V. Use of cookies
1. Description and scope of data processing
Our web presence uses cookies. Cookies are text files stored in your web browser or by the web browser on your computer system. Whenever you access a web page, a cookie can be stored on your computer’s operating system. This cookie contains a typical string of characters that enables the browser to be clearly identified if you return to the webs presence at a later date.
We use cookies to make our website more user-friendly. Some elements on our web presence require the accessing browser to be identified after you have moved to another web page.
The following data is stored and transmitted in the cookies:
(1) Language settings
(2) Log-in information (ID no.)
2. Legal basis for the processing of data
The legal basis for the processing of personal data using cookies is Art. 6(1) f) GDPR.
3. Purpose of data processing
The use of technically necessary cookies is intended to simplify website use for visitors. Some of the functions on our website cannot be provided unless cookies are enabled. In these cases, it is essential that the browser is also recognised after accessing another page. The user data collected by these technically necessary cookies is not used to generate user profiles.
These purposes also constitute our legitimate interest in processing your personal data pursuant to Art. 6(1) f) GDPR.
4. Storage period, right to object and right to erasure
Cookies are stored on your computer, from where they are sent to our website. This means that you as the user have complete control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your web browser settings. Cookies that have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our web presence, it may no longer be possible to use all the web presence’s functions in full.
Webanalyse Cookie
Here, you can decide, whether it is allowed that a specific web analytic cookie can be stored in your browser, which enables the owner of the website to analyze different statistical data. If you do not want that, please chose the corresponding option, to store the Web analysis-deactivation-cookie in your browser.
VI. Newsletter
1. Description and scope of data processing
Our website offers you the opportunity to subscribe to a free newsletter. When registering for the newsletter, the data entered into the registration form (your e-mail address is mandatory) is sent to our service provider. You can also choose to enter your name.
In all, the following data is stored when you subscribe:
(1) E-mail address
(2) Date and time of registration
(3) IP address of the accessing computer
In order to facilitate the processing of your data, your consent is obtained during the registration procedure and you are referred to this Privacy Policy.
Your data is used solely for the purpose of sending the newsletter.
2. Legal basis for the processing of data
The legal basis for processing your personal data after you have subscribed to a newsletter and consented to this processing is Art. 6(1) a) GDPR.
3. Purpose of data processing
Your e-mail address is collected for the purpose of delivering the newsletter.
The collection of additional personal data during the registration process is intended to prevent the improper use of services and/or of the e-mail address provided.
4. Storage period
The data is erased as soon as it is no longer required in order to fulfil the purpose for which it was collected. All the data we collect from you is accordingly stored for as long as your newsletter subscription is active.
5. Right to object and right to erasure
You can cancel your newsletter subscription at any time. Each newsletter contains a link for this purpose.
VII. Registration for the purpose of depositing Online Publications/utilising services
1. Description and scope of data processing
We offer users an option to register on our website by entering their personal data. In doing so, your data is entered into an input mask, transmitted to us and stored. This data is only transmitted to third parties whenever this is necessary. The following data is collected during the registration process:
(1) First name, surname
(2) Address
(3) Telephone number
(4) E-mail address
(5) User ID number if applicable
The following data is also stored at the time you register:
(6) Name of the institution/company if applicable
(7) Date and time of registration
(8) IP address
Your consent to the processing of this data is obtained during the registration process.
2. Legal basis for the processing of data
The legal basis for processing your personal data after you have given your consent is Art. 6(1) a) GDPR.
3. Purpose of data processing
Your registration is necessary for the provision of certain content and services on our web presence.
4. Storage period
The data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. For the data collected during the registration process, this is the case when your registration on our website is cancelled or modified.
5. Right to object and right to erasure
As a user, you can cancel your registration at any time. You can also have the data stored in connection with your registration amended at any time.
VIII. Contact form and e-mail contact
1. Description and scope of data processing
Our web presence contains contact forms that can be used to contact us electronically. If you choose to make use of this function, the data you enter into the form will be transmitted to us and stored. This data comprises the following:
(1) First name, surname
(2) E-mail address
Alternatively, you can contact us using the e-mail address provided. In such cases, the personal data you send with your e-mail is stored.
Data collected in this context is not transmitted to third parties. It is used solely for the purpose of dealing with correspondence.
2. Legal basis for the processing of data
The legal basis for processing your personal data after you have given your consent is Art. 6(1) a) GDPR.
The legal basis for processing data that is transmitted when sending an e-mail is Art. 6(1) f) GDPR.
3. Purpose of data processing
Personal data you enter into the input mask is processed solely for the purpose of responding to correspondence. This also constitutes the required legitimate interest in processing the data in cases where contact is made by e-mail.
Additional data is processed during transmission in order to prevent improper use of the contact form and safeguard the security of our information technology systems.
4. Storage period
The data is erased as soon as it is no longer required in order to fulfil the purpose for which it was collected. In the case of personal data entered into the contact form's input mask and personal data sent by e-mail, this is the case when your correspondence is terminated. Correspondence is deemed to have been terminated when it can be inferred from the circumstances that the facts in question have been clarified once and for all.
5. Right to object and right to erasure
You are entitled to withdraw your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. If this right is exercised, it will no longer be possible to continue the correspondence. In this instance, all personal data stored during the course of the correspondence will be erased.
IX. Web analysis by Matomo
1. Scope of personal data processing
We use the open source software tool Matomo (formerly PIWIK) to analyse user data. No personal data is collected and no cookies are placed when using GND-Explorer (https://explore.gnd.network) to perform web analyses. All other gnd.network pages use cookies to enable statistical analysis of your use of this website and to facilitate the display of usage-related content. Cookies are small text files that are stored on your terminal device by your web browser. Matomo cookies contain no information that could be used to identify a user.
As your privacy is extremely important to us, Matomo anonymises your IP address. Matomo does not use this data in any other way, amalgamate it with other data, or transmit it to any third party.
The following personal data is stored whenever individual pages on our website are accessed:
(1) Two Bytes of the accessing system’s IP address
(2) The web page accessed
(3) The website from which you reached this web page (referrer)
(4) The subpages accessed from this web page
(5) The length of time spent on the web page
(6) The number of times you access the web page
The software runs exclusively on our website hosting provider’s servers. This is the only place where your personal data is stored. Your data is not transmitted to any third party.
2. Legal basis for the processing of personal data
The legal basis for the processing of your personal data is Art. 6(1) f) GDPR. Our legitimate interest is the optimisation of our online services and website.
3. Purpose of data processing
Processing your personal data enables us to analyse your surfing behaviour. Evaluations of the data collected allow us to compile information about the use of individual components on our web presence. This helps us to continue improving our website and to make it more user-friendly. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6(1) f) GDPR. Your interest in the protection of your personal data is duly taken into account by anonymising your IP address.
4. Storage period
The data is erased as soon as we no longer need it for recording purposes.
5. Right to object and right to erasure
You have the right to object to the data processing described above at any time insofar as your personal data is involved. Your objection will not place you at any disadvantage.
Cookies are stored on your computer, from where they are sent to our website. This means that you as the user have complete control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your web browser settings. Cookies that have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our web presence, it may no longer be possible to use all the web presence’s functions in full.
Webanalyse Cookie
Here, you can decide, whether it is allowed that a specific web analytic cookie can be stored in your browser, which enables the owner of the website to analyze different statistical data. If you do not want that, please chose the corresponding option, to store the Web analysis-deactivation-cookie in your browser.
X. Web analysis with INFOnline
Our website uses the measurement procedure (“SZMnG”) provided by INFOnline GmbH (https://www.INFOnline.de) to obtain statistical indicators regarding the use of our services. Measuring the use of our website on the basis of a standardised procedure serves to determine the number of website visits and visitors while collecting information about the visitors’ browsing behaviour; the figures thus obtained can then be compared with the market as a whole.
1. Legal basis for the processing
INFOnline GmbH uses the measurement system SZMnG to take measurements in pursuit of its legitimate interests pursuant to Art. 6(1)(f) GDPR.
The personal data is processed for the purpose of generating statistics. The statistics are used to track and document the use of our services.
We also have a legitimate interest in making the pseudonymised data from INFOnline GmbH and the University Library Centre of the State of North Rhine-Westphalia (hbz) available for statistical purposes.
2. Type of data
INFOnline GmbH collects the following data with a personal reference as defined in the GDPR:
(1) IP address: When using the internet, each device requires a unique address, the so-called “IP address”, with which to transmit data. The storage of this IP address, at least for short periods, is technically necessary because of the way in which the internet works. IP addresses are shortened by 1 byte before any form of processing takes place, and they are only processed further in anonymised form. Full IP addresses are not stored or processed any further.
(2) A randomly generated client identifier: The measurement system uses either a third-party cookie, a first-party cookie, a “local storage” object or a signature generated from various types of information automatically transmitted by your browser in order to recognise your computer system. Until it is deleted, this cookie or local storage object serves as a unique identifier for your browser. This means that the data can be measured and associated with the respective client identifier even if you access other websites that use the measuring system (“SZMnG”) provided by INFOnline GmbH. The validity of the cookie is limited to a period of max. 1 year.
3. Right to object and right to erasure
You have the right to object to the data processing described above at any time insofar as your personal data is involved. Your objection will not place you at any disadvantage.
Cookies are stored on your computer, from where they are sent to our website. This means that you as the user have complete control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your web browser settings. Cookies that have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our web presence, it may no longer be possible to use all the web presence’s functions in full.
Webanalyse Cookie
Here, you can decide, whether it is allowed that a specific web analytic cookie can be stored in your browser, which enables the owner of the website to analyze different statistical data. If you do not want that, please chose the corresponding option, to store the Web analysis-deactivation-cookie in your browser.
XI. Use of social media services
The social media services provided by Facebook and Twitter are integrated into the website. The content is integrated in compliance with data protection legislation, i.e. users of the German National Library's website are not linked to the Facebook or Twitter websites. Instead, a server provided by the host serves as a proxy between the Library’s website and the social media websites.
XII. Rights of data subject
If your personal data is being processed, the GDPR defines you as a data subject and you have the following rights vis-à-vis the data controller:
1. Right to information
You can ask the data controller to confirm whether your personal data is being processed.
If this is the case, you can request the controller to provide the following information:
(1) the purposes for which your personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or categories of recipient to whom your personal data has been or is to be disclosed;
(4) the envisaged period for which your personal data will be stored, or, if no specific information can be provided, the criteria used to determine that period;
(5) the existence of a right to request the controller to rectify or erase your personal data, to restrict the controller’s processing of your personal data, or to object to such processing;
(6) the existence of a right to complain to a supervisory authority;
(7) where the personal data is not collected from the data subject, any available information as to its source. You also have the right to request information as to whether your personal data is to be transferred to a third country or an international organisation. If this is the case, you can also request information concerning the safeguards provided for the transfer of personal data in accordance with Art. 46 GDPR.
2. Right to rectification
You have the right to request the controller to rectify and/or complete your personal data insofar as that of your personal data being processed is incorrect or incomplete. If this is the case, the controller must rectify the data immediately.
3. Right to restriction of processing
You are entitled to request restrictions on the processing of your personal data in the following circumstances:
(1) if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
(2) if your personal data is being processed unlawfully, you refuse to have it deleted and instead demand restrictions on the processing of your personal data;
(3) if the controller no longer needs the personal data for the purposes for which it was processed but you still need it for the establishment, exercise, or defence of legal claims; or
(4) if you have objected to the processing of your data pursuant to Art. 21(1) GDPR and it has not yet been established whether the legitimate grounds of the controller override yours.
If the processing of your personal data has been restricted, this data may – with the exception of storage – only be processed with your consent, or to establish, exercise, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest within the EU or an EU member state.
If you have obtained restriction of processing under the conditions specified above, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You may request the controller to erase your personal data without delay, in which case the controller is obliged to erase the data without delay where one of the following grounds applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw the consent on which the processing is based pursuant to Art. 6(1) a) or Art. 9(2) a) GDPR, and there are no other legal grounds for the processing.
(3) You object to the processing of your data pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing of your data pursuant to Art. 21(2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) Your personal data has to be erased for compliance with a legal obligation in EU or member state law to which the controller is subject.
(6) Your personal data has been collected in connection with the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
If the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase it, the controller, taking account of the technology available and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers who are processing your personal data that you, as the data subject, have requested the erasure of any links to, or copy or replication of, your personal data.
c) Exceptions
The right to erasure does not exist insofar as processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation according to which processing is required by EU or member state law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2) h), i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in point a is likely to render impossible or seriously impair the achievement of the objectives of the processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If you exercise your right to rectification or erasure of personal data or restriction of processing, the controller is obliged to communicate this to all recipients to whom your personal data has been disclosed unless this proves impossible or involves disproportionate effort.
You are entitled to information concerning these recipients.
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to any processing of your personal data effected on the basis of Art. 6(1) e) or f) GDPR.
If this right is exercised, the controller will cease processing your personal data unless he/she can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the data has to be processed for the establishment, exercise, or defence of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. Right to withdraw the declaration of consent provided in compliance with data protection legislation
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of your consent will not affect the lawfulness of processing effected on the basis of your consent before it is withdrawn.
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged violation, if you consider that the processing of your personal data violates the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Do you have any questions? You can contact the German National Library’s Data Protection Officer at datenschutzbeauftragter@dnb.de.
Modification date: May 30, 2022