Privacy Policy

The use of this website may involve the processing of personal data. In order to help you understand why we process these data, we should like to give you an overview of this processing in the following information. In order to guarantee fairness in the processing we should also like to inform you about your rights in accordance with the General Data Protection Regulation (GDPR) and the Federal German Data Protection Act (FGPA).

The controller of the data processing is the Saxon State and University Library Dresden (SLUB), Zellescher Weg 18, 01069 Dresden (hereinafter: we or us).

• General data
• Processing of data
• Contact information and enquiries
• Customer chat with Userlike
• Online registration
• Blog with commentary function
• Registration for events
• Cookies
• Analyses of our website
• Linked services and third party contents
• Withdrawal of consent
• Your rights
• Right to object
• Data Protection Officer
• Lodging a complaint with a supervisory authority

Contact

If you have questions or suggestions on this information or wish to assert your rights with us, please address the request to:

Saxon State and University Library Dresden (SLUB)
Zellescher Weg 18, 01069 Dresden
Tel.: +49 351 4677 123
e-mail: Generaldirektion@slub-dresden.de

General information on data processing

When you use this website your personal data may be processed. Under data protection law the term, "personal data" designates all the information, which refers to an identified or identifiable person. The IP address may also be an item of personal data. An IP address allocates the individual with the device connected to the Internet by the Internet provider, so that it is able to send and receive data. When you use the website we collect data, which you yourself provide. During your visit to the website we also automatically collect information about your use of the website.
 

We process personal data in accordance with the relevant data protection provisions, in particular the GDPR and the FGPA. We process data only on the basis of legal admissibility. When you use this website we process personal data only with your consent (Article 6 (1) 1st sentence point (a) GDPR), to fulfil a contract, to which you are a party, or to perform pre-contractual measures (Article 6 (1) 1st sentence point (b) GDPR), to fulfil a legal obligation (Article 6 (1) 1st sentence point (c) GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms, which require that your personal data be protected, are not overridden (Article 6 (1) 1st sentence point (f) GDPR). 

Duration of storage

Unless otherwise stated in the following notes, we store the data only as long as necessary to achieve the purpose of the processing or to satisfy our contractual or legal duties. Such a legal duty to preserve the records may arise in particular from the provisions of commercial or tax law.

The execution and evaluation of pentests involve the exceptional storage of test-related data for 8 weeks; there is no divergent use of this data during the extended storage period.

When you use our website for purely information purposes in the first instance general information is automatically stored (in other words, if you have not registered) and this information is transferred to our server. As a standard feature this information includes: browser type and version, operating system used, site accessed, the site previously accessed (referrer URL), IP address, date and time of the server request and HTTP status code.

The data are processed to safeguard our legitimate interest and the processing relies on the legal base in Article 6 (1) 1st sentence point (f) GDPR. This processing serves the technical management and security of the website. The data stored are erased at the end of 14 days, unless specific evidence gives rise to legitimate suspicion of an unlawful use and further investigation and processing of the information is necessary on this ground. Any further storage (log files of the firewall with IP, access data and amount of data transferred) takes place for security reasons for 30 days. If storage is required beyond this, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.

Our website includes a contact form, by means of which you can send us news. In this process your data is transferred in an encrypted form. All the data fields marked as mandatory must be filled out in order to allow us to process your request. If you do not provide this information, we are unable to process your request. Any further provision of data is voluntary. We process the data for the purpose of responding to your enquiry.

The legal base for the data processing is Article 6 (1) 1st sentence point (b) GDPR.

In addition to our other contact services, i.e. contact form, by phone or in person on site, we now offer a customer chat service, which is a messaging system that offers sync/async communication. This means that support enquiries can continue to be processed even if the chat participants go offline. If you provide us with your email address, our system will notify you via email when the chat can be continued. The use of the chat as well as the provision of your data are voluntary. You can also use the chat anonymously/pseudonymously. Support is then provided exclusively in live chat and contact from our end cannot be re-established in the event of an interruption. Your location or other log data information is not collected. Browser cookies, which are only required for the technical processing of the chat environment, are deleted after 24 hours. Your data is exclusively used to answer your enquiry and on the basis of necessity for the user – operator relationship (Art. 6 (1) b GDPR) or otherwise referred to a legitimate interest (Art. 6 (1) f GDPR). The data is processed and stored in a certified data centre of the chat processor in Germany. Access is only granted to SLUB employees responsible for customer service. This data is generally not passed on unless this is necessary for answering the enquiry. In addition to this, a service provider is used for the provision of the customer chat, which can have access to the data. In order to protect our users, we have concluded a contract with the data processor in accordance with Art. 28 GDPR.

The deletion of the chat history, including the content data provided, takes place after three months, following an automated statistical survey of usage data (number of chats per month, topics requested). Personal data that has been provided for the purpose of clarifying your request (name, user number) will be deleted immediately after the implementation of your request (i.e. after final clarification), insofar as no legal retention periods prevent deletion.

Our users have the option of booking study and work rooms at our library locations. The room booking is made on the basis of Art. 6 Para. 1 lit. b), e) DS-GVO in connection with our house and usage regulations as well as our fee and charge regulations. Access to the room booking system can therefore only take place with an existing user relationship and the associated Shibboleth user authentication. In the "Booked" software, your surname, first name, user number, e-mail address (booking confirmation); technical log data and authorisation references as well as the actual booking data (location: site/room, period and title of the booking) are regularly processed. As a matter of principle, there is no data transfer to third parties or the involvement of external bodies, as the software is hosted on SLUB-internal servers and administered internally by SLUB. The deletion of your user data is linked to your SLUB user relationship. Accordingly, if your account is inactive, the data will be blocked after five years and deleted after six years without reactivation. The booking data is regularly deleted automatically from the room booking system after three years.

We collect, process, use and store your name and e-mail and/or postal address exclusively for the purpose stated above until revoked. We handle your data with care and strive for the greatest possible security. We do not pass on your personal data to third parties. You are entitled at any time to ask the SLUB - for comprehensive information about the data stored about you - to demand the correction, deletion and blocking of individual or all personal data - to exercise your right of objection without giving reasons and to amend or completely revoke the declaration of consent given with effect for the future You can send the revocation either by post, e-mail or fax to the SLUB, for example to: bewerbung@slub-dresden.de. If you have any questions about the use of your data, please send them to datenschutz@slub-dresden.de; you can also contact the data protection supervisory authority with complaints.

You can register as a user of the library by filling out a form on the website. In addition, you can set up a reminder system by e-mail to remind you of pending due dates, to notify you of priority notices provided and to remind you about late return of materials. In order to register successfully, it is absolutely necessary that you provide the information marked as mandatory. The data provided are processed for the purpose of providing the service.

You can register as a user of the image database by using the form on the website, in order to be able to use extended services, such as a permanent shopping cart, a permanent favourites list and the commentary function. In order to register successfully, it is absolutely necessary that you provide the information marked as mandatory. The data provided are processed for the purpose of providing the service.

The processing relies on the legal base in Article 6 (1) 1st sentence point (b) GDPR.

On our website we offer you a blog, where we publish contributions on a variety of topics. Until 2024, our blog had a comment function that required you to provide personal information in order to use it. Currently, comments can no longer be made, but past comments are still visible. The following parts of the statement refer to the comments already made in the past.

If you submit a commentary , this is published together with the details of the author of the respective commentary. We recommend that instead of using your real name when you submit a commentary, you use a pseudonym. In order to use the commentary function the author's name and your e-mail address must be provided. Any further information is provided by you voluntarily. The legal base for the data processing relating thereto is Article 6 (1) 1st sentence point (b) GDPR.

When you submit a commentary we store your email address with the aforementioned data.The legal base for the storage of your e-mail address is Article 6 (1) 1st sentence point (f) GDPR. We use your e-mail only if you wish to be notified of responses to your commentary. We store your e-mail address for as long as your commentary is visible to the public.

As a matter of principle we do not check commentaries submitted prior to publication. We expressly reserve the right to erase your commentary, if queries are raised by third parties as to its legality. You may object at any time to the storage of the foregoing data. However, in this case we have to remove your commentary from our website.

You can use a form to register for events on the website. For the registration to be accepted it is absolutely necessary that you provide the information marked as mandatory. We process the data in order to register and confirm your event. The legal base for the data processing is Article 6 (1) 1st sentence point (b) GDPR.

Data protection and declaration of consent

You can register for events on the website using a form. The provision of the information marked as mandatory is mandatory so that the registration can be accepted. We process the data in order to carry out and confirm your registration. The legal basis for data processing is Art. 6 para. 1 sentence 1 b GDPR.

If necessary, the title, surname, first name, library will be transmitted to the respective speaker. No further data will be transmitted to third parties.

The data will be stored for a maximum of two years for the purpose of any duplicate confirmation of participation that may be required and then deleted.

Data protection information for participation in online training courses offered by the LFS:

Technical services are used for the implementation of the online offers of the LFS, to which reference is made in the description of the respective offer of the Saxon State Office for Libraries in the further education offer.

External instructors also use other online services for the implementation of online courses. The data protection guidelines of the respective providers of the technical services apply.

When you apply to us, we process the information that we receive from you as part of the application process, e.g. through letters of application, CVs, references, correspondence, telephone or verbal information or you use our contact form provided on the website. In addition to your contact details, information about your education, qualifications, work experience and skills is of particular relevance to us.

Your data will initially be processed exclusively for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate the employment relationship and deleted in accordance with the regulations applicable to personnel files.

The legal basis for data processing in the application process and as part of the personnel file is Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG and, if you have given your consent, for example by sending information that is not necessary for the application process, your consent in accordance with Art. 88 para. 1 GDPR in conjunction with Section 26 para. 2 BDSG, Art. 7 GDPR.

Please note that CVs, references or other data you submit for the purposes of the application may also contain special categories of personal data within the meaning of Art. 9 (1) GDPR. As a rule, we do not require any special categories of personal data for the application process. We ask you not to send us any such information from the outset. If such information is exceptionally relevant to the application process, we will process it together with your other applicant data. The legal basis for data processing is Art. 9 para. 2 lit. b) GDPR in conjunction with § Section 26 para. 3 BDSG.

The data transmitted will be deleted if you withdraw your application (revocation should be sent to datenschutz@slub-dresden.de) or if we are unable to offer you a vacant position, at the earliest three months after the end of the application process, but at the latest after 6 months. This does not apply if statutory provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

Our website uses cookies. Cookies are small text files, which are stored by your browser, whenever you visit a website. This allows us to recognise your browser when you visit our website on subsequent occasions.

To do this we use in particular permanent cookies. Permanent cookies are automatically erased after a specified time, which may vary from cookie to cookie.

Insofar as these coolies are used to process personal data, this relies on the legal basis in Article 6 (1) 1st sentence point (f) GDPR. This processing serves our legitimate interests in making our website more user-friendly, more effective and more secure.

You can erase cookies at any time by adjusting the security settings of your browser. As a matter of principle you may refuse to accept the use of cookies by adjusting your browser settings. The German Federal Office for Information Security offers you further information on this on https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

On our website we use the services of the Matomo web analysis service (formerly Piwik). Matomo is a type of open source software for website optimisation, which uses an anonymous method to analyse access by visitors to our website. In this process immediately on being processed and prior to being stored your IP address is anonymised. Matomo undertakes no further processing of personal data. The information generated by the use of cookies on your use of our site is not used for analysis based on personal identity or the creation of profiles and is also not transferred to third parties. 

The data are processed in order to safeguard our legitimate interests and the processing relies on the legal basis in Article 6 (1) 1st sentence point (f) GDPR. The processing is performed in the interest of optimising our site and in so doing to waive as far as possible the processing of personal data.

You may object to the processing of your data in its entirety at any time. For this purpose you can use a browser extension, which blocks advertising content or you can prevent cookies being installed on your browser by adjusting your browser settings. Moreover, you may subsequently object to the processing of your data by Matomo by clicking the mouse. In this case an opt-out cookie will be installed on your browser. As a consequence of this Matomo will not collect data of any kind. If you erase your cookies from your Internet browser, the opt-out cookie will also be erased. If you visit our website again, you will therefore need to activate it again.

On our website we use services and contents provided by third-party suppliers (hereinafter: contents). For such links it is necessary for technical reasons to process your IP address, so that the contents can be sent to your browser. Your IP address is therefore transferred to the respective third-party supplier.

These data are processed in every case to safeguard our legitimate interests in the optimisation and the economic operation of our website and the processing relies on the legal base in Article 6 (1) 1st sentence point (f) GDPR.

The programming language, JavaScript is routinely used to link the contents. You can therefore object to the processing of the data by deactivating the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may result in restrictions to certain functions on our website.

We have linked the contents from the following services provided by third-party suppliers:

On our website we use the plug-in from the X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.

• The X Internet Unlimited Company is certified under the Privacy Shield Convention and therefore offers a guarantee that it will comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active ).

• We use locally embedded "Google Web Fonts" as fonts and do not process any personal end user data for their delivery.

•  YouTube.com from YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; „YouTube“) for showing videos
  
  Google is certified under the Privacy Shield Convention and thereby offers a guarantee that it will comply with European data protection law
  ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

•  Typekit from the third party supplier, Adobe Systems Inc. (345 Park Avenue, San Jose, CA  95110-2704, USA, Adobe) for the display of fonts.
  
  Adobe is certified under the Privacy Shield Convention and thereby offers a guarantee that it will comply with European data protection law
  ( https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active ).

• Jquery CDN, provided by StackPath LLC (2012 Mc Kinney Ave., Suite 1100, Dallas, TX 75201, USA, StackPath) for the display of contents.
  
  StackPath is certified under the Privacy Shield Convention and thereby offers a guarantee that it will comply with European data protection law
  ( https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active ).
   

• "Friendly Captcha", offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee to distinguish between the attempt to use a function of the website by a human being and machine and automated processing.

  Further information on Friendly Captcha can be found at: friendlycaptcha.com/de/legal/privacy-end-users/. The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR (legitimate interest) and § 25 para. 2 no. 2 TTDSG.

If you have granted your separate consent to the data processing, you may withdraw this consent at any time in accordance with Article 7 (3) GDPR. Such a withdrawal of consent shall not affect the legality of the processing, which was carried out by virtue of the consent up until the withdrawal of consent.

As a data subject you have the right to assert your rights as a data subject against us. For this purpose you have the following rights in particular:

• In accordance with Article 15 GDPR and § 34 FGPA you have the right to request information as to whether and where applicable, to what extent we do or do not process personal data concerning your identity. 

• You have the right in accordance with Article 16 GDPR to request us to rectify your data.

• You have the right in accordance with Article 17 GDPR and § 35 FGPA to request us to erase your personal data.

• You have the right in accordance with Article 18 GDPR to have the processing of your personal data restricted.

• You have the right in accordance with Article 20 GDPR to receive the personal data concerning you, which you have provided to us, in a structured, current and machine-readable format and to transfer these data to another controller.

In accordance with Article 21 GDPR you have the right to object to any processing, which relies on the legal base in Article 6 (1) 1st sentence points (e) or (f). If any personal data concerning you are processed by us for the purpose of direct advertising, you may object to this processing pursuant to Article 21 (2) and (3) GDPR.

Our external data protection officer can be contacted at the following contact details: datenschutz@slub-dresden.de

If you believe that processing of personal data concerning you breaches the provisions of the GDPR, you have the right in accordance with Article 77 GDPR to lodge a complaint with a supervisory authority.