Privacy Policy

The use of this website may involve the processing of personal data. In order to help you understand why we process these data, we should like to give you an overview of this processing in the following information. In order to guarantee fairness in the processing we should also like to inform you about your rights in accordance with the General Data Protection Regulation (GDPR) and the Federal German Data Protection Act (FGPA).

The controller of the data processing is the Saxon State and University Library Dresden (SLUB), Zellescher Weg 18, 01069 Dresden (hereinafter: we or us).

General data

Contact

If you have questions or suggestions on this information or wish to assert your rights with us, please address the request to:

Saxon State and University Library Dresden (SLUB)
Zellescher Weg 18, 01069 Dresden

Tel.: +49 351 4677 123
e-mail: Generaldirektion@slub-dresden.de

General information on data processing

When you use this website your personal data may be processed. Under data protection law the term, "personal data" designates all the information, which refers to an identified or identifiable person. The IP address may also be an item of personal data. An IP address allocates the individual with the device connected to the Internet by the Internet provider, so that it is able to send and receive data. When you use the website we collect data, which you yourself provide. During your visit to the website we also automatically collect information about your use of the website.
 

We process personal data in accordance with the relevant data protection provisions, in particular the GDPR and the FGPA. We process data only on the basis of legal admissibility. When you use this website we process personal data only with your consent (Article 6 (1) 1st sentence point (a) GDPR), to fulfil a contract, to which you are a party, or to perform pre-contractual measures (Article 6 (1) 1st sentence point (b) GDPR), to fulfil a legal obligation (Article 6 (1) 1st sentence point (c) GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms, which require that your personal data be protected, are not overridden (Article 6 (1) 1st sentence point (f) GDPR). 

Duration of storage

Unless otherwise stated in the following notes, we store the data only as long as necessary to achieve the purpose of the processing or to satisfy our contractual or legal duties. Such a legal duty to preserve the records may arise in particular from the provisions of commercial or tax law.

The execution and evaluation of pentests involve the exceptional storage of test-related data for 8 weeks; there is no divergent use of this data during the extended storage period.

Processing of data

When you use our website for purely information purposes in the first instance general information is automatically stored (in other words, if you have not registered) and this information is transferred to our server. As a standard feature this information includes: browser type and version, operating system used, site accessed, the site previously accessed (referrer URL), IP address, date and time of the server request and HTTP status code.

The data are processed to safeguard our legitimate interest and the processing relies on the legal base in Article 6 (1) 1st sentence point (f) GDPR. This processing serves the technical management and security of the website. The data stored are erased at the end of 14 days, unless specific evidence gives rise to legitimate suspicion of an unlawful use and further investigation and processing of the information is necessary on this ground. Any further storage (log files of the firewall with IP, access data and amount of data transferred) takes place for security reasons for 30 days. If storage is required beyond this, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.

Contact information and enquiries

Our website includes a contact form, by means of which you can send us news. In this process your data is transferred in an encrypted form. All the data fields marked as mandatory must be filled out in order to allow us to process your request. If you do not provide this information, we are unable to process your request. Any further provision of data is voluntary. We process the data for the purpose of responding to your enquiry.

The legal base for the data processing is Article 6 (1) 1st sentence point (b) GDPR.

Customer chat with Userlike

In addition to our other contact services, i.e. contact form, by phone or in person on site, we now offer a customer chat service, which is a messaging system that offers sync/async communication. This means that support enquiries can continue to be processed even if the chat participants go offline. If you provide us with your email address, our system will notify you via email when the chat can be continued. The use of the chat as well as the provision of your data are voluntary. You can also use the chat anonymously/pseudonymously. Support is then provided exclusively in live chat and contact from our end cannot be re-established in the event of an interruption. Your location or other log data information is not collected. Browser cookies, which are only required for the technical processing of the chat environment, are deleted after 24 hours. Your data is exclusively used to answer your enquiry and on the basis of necessity for the user – operator relationship (Art. 6 (1) b GDPR) or otherwise referred to a legitimate interest (Art. 6 (1) f GDPR). The data is processed and stored in a certified data centre of the chat processor in Germany. Access is only granted to SLUB employees responsible for customer service. This data is generally not passed on unless this is necessary for answering the enquiry. In addition to this, a service provider is used for the provision of the customer chat, which can have access to the data. In order to protect our users, we have concluded a contract with the data processor in accordance with Art. 28 GDPR.

The deletion of the chat history, including the content data provided, takes place after three months, following an automated statistical survey of usage data (number of chats per month, topics requested). Personal data that has been provided for the purpose of clarifying your request (name, user number) will be deleted immediately after the implementation of your request (i.e. after final clarification), insofar as no legal retention periods prevent deletion.

Buchung von Ressourcen mit Booked Scheduler

Für unsere Benutzer/-innen besteht das Angebot, an unseren Bibliotheksstandorten Lern- und Arbeitsräume zu buchen. Die Raumbuchung erfolgt auf Grundlage von Art. 6 Abs. 1 lit. b), e) DS-GVO in Verbindung mit unserer Haus- und Benutzungsordnung sowie mit unserer Gebühren- und Entgeltordnung. Der Zugang zum Raumbuchungssystem kann also erst mit bestehendem Benutzungsverhältnis und der damit einhergehenden Shibboleth-Benutzungsauthentifizierung erfolgen. In der Software „Booked“ werden regelmäßig Ihr Name, Ihr Vorname, Ihre Benutzungsnummer, Ihre E-Mail-Adresse (Buchungsbestätigung); techn. Protokolldaten und Berechtigungsreferenzen sowie die eigentlichen Buchungsdaten (Ort: Standort/Raum, Zeitraum und Titel der Buchung) verarbeitet. Eine Datenübermittlung an Dritte oder die Einbindung externer Stellen findet grundsätzlich nicht statt, denn die Software wird über SLUB-interne Server gehostet und SLUB-intern verwaltet. Die Löschung Ihrer Benutzungsdaten ist an Ihr Benutzungsverhältnis der SLUB gekoppelt. Demnach werden bei der Inaktivität Ihres Kontos die Daten nach fünf Jahren gesperrt und ohne Reaktivierung nach sechs Jahren gelöscht. Die Buchungsdaten werden regelmäßig automatisiert nach drei Jahren aus dem Raumbuchungssystem gelöscht.

Anmeldung zum Newsletterversand

Wir erheben, verarbeiten, nutzen und speichern Ihren Namen und Ihre E-Mail- und/oder Postadresse ausschließlich zu oben angegebenem Zweck bis auf Widerruf. Mit Ihren Daten gehen wir sorgfältig um und sind um größtmögliche Sicherheit bemüht. Wir geben Ihre personenbezogenen Daten nicht an Dritte weiter.

Sie sind jederzeit berechtigt, gegenüber der SLUB
• um umfangreiche Auskunftserteilung zu den zu Ihrer Person gespeicherten Daten zu ersuchen
• die Berichtigung, Löschung und Sperrung einzelner oder aller personenbezogener Daten zu verlangen
• ohne Angabe von Gründen von Ihrem Widerspruchsrecht Gebrauch zu machen und die erteilte Einwilligungserklärung mit Wirkung für die Zukunft abzuändern oder gänzlich zu widerrufen

Sie können den Widerruf entweder postalisch, per E-Mail oder per Fax an die SLUB übermitteln, beispielsweise an: bewerbung@slub-dresden.de.
Wenn Sie Fragen zu der Verwendung Ihrer Daten haben, stellen Sie diese bitte an datenschutz@slub-dresden.de; außerdem können Sie sich mit Beschwerden auch an die Datenschutz-Aufsichtsbehörde wenden.

Online registration

You can register as a user of the library by filling out a form on the website. In addition, you can set up a reminder system by e-mail to remind you of pending due dates, to notify you of priority notices provided and to remind you about late return of materials. In order to register successfully, it is absolutely necessary that you provide the information marked as mandatory. The data provided are processed for the purpose of providing the service.

You can register as a user of the image database by using the form on the website, in order to be able to use extended services, such as a permanent shopping cart, a permanent favourites list and the commentary function. In order to register successfully, it is absolutely necessary that you provide the information marked as mandatory. The data provided are processed for the purpose of providing the service.

The processing relies on the legal base in Article 6 (1) 1st sentence point (b) GDPR.

Blog with commentary function

On our website we offer you a blog, where we publish contributions on a variety of topics. Our blog has a commentary function, for the use of which you need to provide personal details. If you submit a commentary , this is published together with the details of the author of the respective commentary. We recommend that instead of using your real name when you submit a commentary, you use a pseudonym. In order to use the commentary function the author's name and your e-mail address must be provided. Any further information is provided by you voluntarily. The legal base for the data processing relating thereto is Article 6 (1) 1st sentence point (b) GDPR.

When you submit a commentary we store your email address with the aforementioned data.The legal base for the storage of your e-mail address is Article 6 (1) 1st sentence point (f) GDPR. We use your e-mail only if you wish to be notified of responses to your commentary. We store your e-mail address for as long as your commentary is visible to the public.

As a matter of principle we do not check commentaries submitted prior to publication. We expressly reserve the right to erase your commentary, if queries are raised by third parties as to its legality. You may object at any time to the storage of the foregoing data. However, in this case we have to remove your commentary from our website.

Registration of events

You can use a form to register for events on the website. For the registration to be accepted it is absolutely necessary that you provide the information marked as mandatory. We process the data in order to register and confirm your event. The legal base for the data processing is Article 6 (1) 1st sentence point (b) GDPR.

Cookies

Our website uses cookies. Cookies are small text files, which are stored by your browser, whenever you visit a website. This allows us to recognise your browser when you visit our website on subsequent occasions.

To do this we use in particular permanent cookies. Permanent cookies are automatically erased after a specified time, which may vary from cookie to cookie.

Insofar as these coolies are used to process personal data, this relies on the legal basis in Article 6 (1) 1st sentence point (f) GDPR. This processing serves our legitimate interests in making our website more user-friendly, more effective and more secure.

You can erase cookies at any time by adjusting the security settings of your browser. As a matter of principle you may refuse to accept the use of cookies by adjusting your browser settings. The German Federal Office for Information Security offers you further information on this on https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

Analyses of our website

On our website we use the services of the Matomo web analysis service (formerly Piwik). Matomo is a type of open source software for website optimisation, which uses an anonymous method to analyse access by visitors to our website. In this process immediately on being processed and prior to being stored your IP address is anonymised. Matomo undertakes no further processing of personal data. The information generated by the use of cookies on your use of our site is not used for analysis based on personal identity or the creation of profiles and is also not transferred to third parties. 

The data are processed in order to safeguard our legitimate interests and the processing relies on the legal basis in Article 6 (1) 1st sentence point (f) GDPR. The processing is performed in the interest of optimising our site and in so doing to waive as far as possible the processing of personal data.

You may object to the processing of your data in its entirety at any time. For this purpose you can use a browser extension, which blocks advertising content or you can prevent cookies being installed on your browser by adjusting your browser settings. Moreover, you may subsequently object to the processing of your data by Matomo by clicking the mouse. In this case an opt-out cookie will be installed on your browser. As a consequence of this Matomo will not collect data of any kind. If you erase your cookies from your Internet browser, the opt-out cookie will also be erased. If you visit our website again, you will therefore need to activate it again.

Linked services and third party contents

On our website we use services and contents provided by third-party suppliers (hereinafter: contents). For such links it is necessary for technical reasons to process your IP address, so that the contents can be sent to your browser. Your IP address is therefore transferred to the respective third-party supplier.

These data are processed in every case to safeguard our legitimate interests in the optimisation and the economic operation of our website and the processing relies on the legal base in Article 6 (1) 1st sentence point (f) GDPR.

The programming language, JavaScript is routinely used to link the contents. You can therefore object to the processing of the data by deactivating the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may result in restrictions to certain functions on our website.

We have linked the contents from the following services provided by third-party suppliers:

On our website we use the plug-in from the twitter.com social network from International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland (Twitter).

  • We use locally embedded "Google Web Fonts" as fonts and do not process any personal end user data for their delivery.
  • Jquery CDN, provided by StackPath LLC (2012 Mc Kinney Ave., Suite 1100, Dallas, TX 75201, USA, StackPath) for the display of contents.

    StackPath is certified under the Privacy Shield Convention and thereby offers a guarantee that it will comply with European data protection law
    ( https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active ).
     
  • "Friendly Captcha", offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee to distinguish between the attempt to use a function of the website by a human being and machine and automated processing.

    Further information on Friendly Captcha can be found at: friendlycaptcha.com/de/legal/privacy-end-users/. The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR (legitimate interest) and § 25 para. 2 no. 2 TTDSG.

Withdrawal of consent

If you have granted your separate consent to the data processing, you may withdraw this consent at any time in accordance with Article 7 (3) GDPR. Such a withdrawal of consent shall not affect the legality of the processing, which was carried out by virtue of the consent up until the withdrawal of consent.

Your rights

As a data subject you have the right to assert your rights as a data subject against us. For this purpose you have the following rights in particular:

  • In accordance with Article 15 GDPR and § 34 FGPA you have the right to request information as to whether and where applicable, to what extent we do or do not process personal data concerning your identity. 
  • You have the right in accordance with Article 16 GDPR to request us to rectify your data.
  • You have the right in accordance with Article 17 GDPR and § 35 FGPA to request us to erase your personal data.
  • You have the right in accordance with Article 18 GDPR to have the processing of your personal data restricted.
  • You have the right in accordance with Article 20 GDPR to receive the personal data concerning you, which you have provided to us, in a structured, current and machine-readable format and to transfer these data to another controller.

Right to object

In accordance with Article 21 GDPR you have the right to object to any processing, which relies on the legal base in Article 6 (1) 1st sentence points (e) or (f). If any personal data concerning you are processed by us for the purpose of direct advertising, you may object to this processing pursuant to Article 21 (2) and (3) GDPR.

Data Protection Officer

Our external data protection officer can be contacted at the following contact details: datenschutz@slub-dresden.de

Lodging a complaint with a supervisory authority

If you believe that processing of personal data concerning you breaches the provisions of the GDPR, you have the right in accordance with Article 77 GDPR to lodge a complaint with a supervisory authority.