The entity responsible for providing these web pages is the Leibniz Institute for Regional Geography (Leibniz-Institut für Länderkunde – IfL – e. V.), Schongauerstraße 9, 04328 Leipzig.

Data protection and data security are a high priority for our institute because we are very serious about protecting your personal data. To this end, we have taken technical and organizational measures to ensure that data protection-relevant laws, particularly the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new) are observed. Following data protection requirements during the use of our website is a central concern for us so that we can ensure that your personal data is handled in a data protection-compliant manner.

In the following, we provide you with information about the collection of personal data during the use of our website. Personal data is all data that can be used to personally identify you, e.g. name, address, email addresses and user behavior.

1 General information about data processing

1.1 Processing of personal data and its purpose

Leibniz Institute for Regional Geography e. V. (hereinafter the “IfL” or “we”) processes users’ personal data only to the extent that this is necessary in order to provide a functional website along with our content and services. When you visit our web pages, the following data is processed:

• user’s IP address
• browser used (type, version, language)
• operating system used
• user’s internet service provider
• date and time when the user accessed our web pages
• files retrieved on our web pages
• website from which the user reached our web pages
• website that the user accesses from our web pages.

The processing and temporary storage of the IP address is necessary in order to allow the website to be delivered to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. The log files contain IP addresses or other data that permits the user to be identified. In addition, the data is used to optimize our web pages and to ensure the security of our IT systems. All processing of personal data takes place exclusively for the abovementioned purposes, and within the necessary scope to achieve these purposes. The data is not used for advertising, customer service or market research purposes.

1.2 Legal bases for processing personal data

As a rule, the processing of our users’ personal data occurs after consent is provided by the user. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons and where we are permitted by law to process the data. The data and log files are stored on the basis of Art. 6 Sec. 1 lt. f GDPR.

1.3 Data erasure and storage period

We erase or block the data subjects’ personal data as soon as the storage purpose no longer applies. In the case of data processing for the purpose of providing the web pages, data is erased when the respective session ends. In the case of personal data stored in log files, data is erased after three months. Longer storage is possible if the users’ IP addresses are first erased or altered so that the client calling up the page can no longer be identified.

2 Cookies

We use cookies in several places on our web pages. When a user accesses one of our web pages, a cookie may be stored in the user’s operating system. A cookie contains a unique string of characters that allows the browser to be clearly identified if our web pages are accessed again. The cookies store and transmit the following data:

• language settings
• login information (includes function cookies and tracking cookies, but the latter are currently not enabled)

The purpose of using cookies is to make our web pages user-friendly. The processing of personal data using cookies takes place on the basis of Art. 6 Sec. 1 lt. f GDPR. Cookies are stored on the user’s computer and transmitted to our web pages from there. Users can disable or restrict the transmission of cookies by changing their web browser settings. Cookies that have already been stored can be deleted at any time. If you disable cookies for our web pages, you may not be able to fully utilize all of the functions on our web pages.

3 Matomo

Our web pages use Matomo (formerly Piwik), a software program for statistical analysis of user access that is provided by InnoCraft ltd., 150 Willis St, 6011 Wellington, New Zealand. The program does not create personal user profiles; it only collects anonymous data. This web analysis allows us to improve the quality of our web pages and their content. It uses cookies (see above), which allow us to analyze the use of our web pages. Web page users can prevent this web analysis at a technical level by disabling JavaScript and cookies in their web browsers. Details about adjusting the necessary settings can be found in the product descriptions and/or instructions for the various browser providers. Data processing in this context takes place on the basis of Art. 6 Sec. 1 lt. a GDPR. Further information about Matomo’s terms of use and data protection can be found at matomo.org/privacy-policy

4 Contact form and e-mail contact

Our website provides a contact form that can be used to contact us electronically. If a user takes advantage of this option, the data that the user enters into the form will be transmitted to us and stored:

• Name (optional)
• Organization (optional)
• e-mail address
• Free text field for individual message (optional)
• User’s IP address
• Date and time of transmission.

Alternatively, we can be contacted via the provided email addresses. In this case, the user’s personal data transmitted in the email will be stored by us. The legal basis for processing the data is Art. 6 Sec. 1 lt. f GDPR. The data will exclusively be used to process the contact request and for subsequent communication. The data is not shared with third parties in this context. If we plan to use the data for other purposes, we will obtain the user’s consent in advance. The personal data from the entry fields on the contact form and the data sent by email will be erased once the respective communication with the user is completed, i.e. as soon as circumstances indicate that the matter in question has been conclusively resolved. Any additional personal data collected during the submission process will be erased within three months at the latest.

5 Registering for an online library account

Our website offers users the option to create an online library account in order to place orders, reserve items, etc. To do so, users must register. The following data is entered into an entry form, transmitted to us and stored:

• User ID
• e-mail address
• Title (optional)
• First name
• Last name
• Date of birth
• Address (street, house number, postal code, city, country) (optional)
• PO box (optional)
• Phone number (optional)
• Fax number (optional)
• Language of correspondence
• User’s IP address
• Date and time of submission.

Once they have registered, our users can create and administer a user profile. We will use the data to process user inquiries and for administration purposes. If necessary and where legally permissible, we will share the user’s data with our partner companies that help us with proper contract fulfillment. These companies in turn are required to fulfill the applicable data protection provisions; in particular, they are exclusively permitted to process the data in order to fulfill their duties on our behalf, and only according to our instructions. The legal basis for processing the data is Art. 6 Sec. 1 lt. b GDPR. The data will be erased after the user account is deactivated unless we are required to store it for a longer period for contractual and/or statutory reasons. If we plan to use the data for other purposes, we will obtain the user’s consent in advance. The legal basis for processing the data in this case is Art. 6 Sec. 1 lt. a GDPR. Users may withdraw their consent for processing personal data at any time.

6 Newsletter

Our website offers the option of subscribing to our free newsletter. If you subscribe to our newsletter, we will process the following personal data:

• e-mail address
• First name (optional)
• Last name (optional)
• Institution (optional)
• IP address of the computer calling up the site
• Date and time of submission.

In order to process this data, we obtain the user’s consent at the time of subscription and provide a reference to this data privacy policy. The legal basis for processing personal data in this context is Art. 6 Sec. 1 lt. a GDPR. We will store the user’s email address as long as the newsletter subscription is active. Consent can be withdrawn at any time by clicking on the corresponding link provided in each newsletter. In this case, the personal data will be erased immediately.

7 Security

The IfL uses technical and organizational security measures to protect users’ personal data from accidental or intentional manipulation, loss, destruction and access by unauthorized persons. Our security measures are continuously improved according to technological developments.

8 Rights of the data subject

If the IfL processes your personal data, you are considered a data subject pursuant to Art. 4 No. 1 GDPR and you have the following rights with regard to the IfL:

8.1 Right of access

Pursuant to Art. 15 GDPR, you can request confirmation as to whether or not personal data concerning you is being processed by us. If we process your personal data, you can request access to the following information from us:

• the purposes of the processing;
• the categories of your personal data that we are processing;
• the recipients or categories of recipient to whom we have disclosed or will disclose your personal data;
• (where possible) the planned period for which we will store your personal data or, if this is not possible, the criteria used to determine that period;
• the existence of a right to request the rectification or erasure of your personal data, a right to restrict processing by us, or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• any available information about the source of the data if the personal data was not collected from you;
• the existence of automated decision-making, including profiling (Art. 22 Sec. 1 and 4 GDPR) and – at least in those cases – meaningful information about the logic involved, as well as the significance and the desired impact of such processing for you.

You have the right to request confirmation as to whether your personal data will be transmitted to a third country or to an international organization. In this context, you can ask to be informed about the appropriate safeguards pursuant to Art. 46 GSPR relating to the transmission.

8.2 Right to rectification

Pursuant to Art. 16 GDPR, you have the right to obtain from us the rectification and/or completion of inaccurate personal data concerning you.

8.3 Right to erasure

Pursuant to Art. 17 GDPR, you have the right to request the immediate erasure of your personal data by us. We are obligated to erase your data immediately where one of the following grounds applies:

• Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You withdraw your consent on which we base the processing pursuant to Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR, and there is no other legal basis for the processing.
• You object to processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Sec. 2 GDPR.
• Your personal data was unlawfully processed.
• Your personal data must be erased for compliance with a legal obligation under Union or Member State law to which we are subject.
• Your personal data was collected in relation to the offer of information society services referred to in Art. 8 Sec. 1 GDPR.

If we have made your personal data public and we are obliged pursuant to Art. 17 Sec. 1 GDPR to erase this personal data, we as the controller, accounting for the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, your personal data.
The right to erasure shall not apply to the extent that processing is necessary

• to exercise the right of freedom of expression and information;
• to fulfill a legal obligation to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the area of public health (Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR);
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Sec. 1 GDPR, where the abovementioned right is likely to render impossible or seriously impair the achievement of the objectives of this processing; or
• to establish, exercise or defend legal claims.

8.4 Right to restriction of processing

Under the following conditions, pursuant to Art. 18 GDPR, you can request the restriction of processing for your personal data:

• if you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
• if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• if we no longer need your personal data for the purposes of the processing, but you require it in order to establish, exercise or defend legal claims; or
• if you have objected to processing pursuant to Art. 21 Sec. 1 GDPR and it has not yet been determined whether our legitimate interests override your interests.

Where processing of your personal data has been restricted, this data – with the exception of its storage – shall only be processed with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where processing has been restricted according to the abovementioned circumstances, we shall inform you before the restriction is lifted.

8.5 Right to notification

If you asserted the right to rectification, erasure or restriction of processing toward us, we are obligated pursuant to Art. 19 GDPR to communicate this to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be notified by us about these recipients.

8.6 Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, where:

• the processing is based on consent (Art. 6 Sec. 1 lt. a GDPR and/or Art. 9 Sec. 2 lt. a GDPR) or on a contract pursuant to Art. 6 Sec. 1 lt. b GDPR and
• the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible. This shall not adversely affect the rights and freedoms of other persons. The right to data portability shall not apply to processing of personal data that is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in us.

8.7 Right to object

Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 Sec. 1 lt. e or f GDPR, including profiling based on those provisions. As a result, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for our processing that override your interests, rights and freedoms or where processing takes place to establish, exercise or defend legal claims.

8.8 Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time by contacting us, for instance by sending an email to leibniz-ifl(at)extern.tacticx.com. Withdrawal of consent shall not affect the lawfulness of any processing based on consent before its withdrawal.

8.9 Automated individual decision-making, including profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

• is necessary for entering into or performing a contract between you and us,
• is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent.

8.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data by us infringes the GDPR.

9 Responsibility for content and information

Our web pages contain links to web offerings from external providers. The content of these web offerings from external providers was reviewed by us at the time when the links were created to ensure that they did not violate any applicable laws in a civil or criminal sense. However, we cannot guarantee that this content will not be changed at a later point by the respective providers. If you believe that the linked external pages violate applicable laws or contain other inappropriate content, please notify us of this. We will review your comment and remove the external link if appropriate. The IfL is not responsible for the content or availability of the linked external web pages.

10 Inclusion and validity of the data privacy policy

By using our web pages, you agree to the data processing described above. This data privacy policy applies only to the content on our web pages. The linked external content is subject to other data protection and data security provisions. The respective legal notices inform you about who is responsible for these offerings.

The further development of our web pages or the implementation of new technology may necessitate changes to this data privacy policy. We therefore reserve the right to change this data privacy policy at any time with effect for the future. The version that can be accessed at the time of your website visit shall always be the valid version.

11 Contact information

You are also welcome to contact us if you have any questions or suggestions about data protection. You can assert your rights against Leibniz Institute for Regional Geography – IfL – e.V. as the controller at:

Leibniz Institute for Regional Geography e. V.
Schongauerstraße 9
04328 Leipzig
info(at)leibniz-ifl.de

You can reach our Data Protection Officer

Markus Strauss
tacticx Consulting GmbH
Walbecker Str. 53
47608 Geldern
Germany

at ifl-leipzig(at)extern.tacticx.com