Privacy policy

I. Name and Address of the Responsible Person

The responsible person in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Regine Stein, Director

Verbundzentrale des GBV (VZG) / Headquarter of the Common Library Network
Platz der Goettinger Sieben 1
37073 Goettingen
Germany

Tel.: +49 551 39-31000
E-Mail: direktion@gbv.de

This privacy policy applies to the website https://gokb.org

II. Name and Address of the Data Protection Officer

The data protection officer of the responsible person is:

Marc Tegethoff
Verbundzentrale des GBV (VZG) / Headquarter of the Common Library Network
Platz der Goettinger Sieben 1
37073 GoettingenGermany

Tel.: +49 551 39-31416

E-Mail: datenschutz@gbv.de

III. General Information on Data Processing

1. Scope of Processing of Personal Data

VZG processes personal data of users only to the extent necessary to provide a functioning website and its contents and services. The processing of personal data of users is regularly only done with their consent. An exception applies in cases where prior consent is not possible due to factual reasons and the processing of data is permitted by legal regulations.

2. Legal Basis for the Processing of Personal Data

If VZG obtains consent from the affected person for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.

In the case of processing of personal data necessary to fulfill a contract to which the affected person is a party, Article 6 (1) (b) of the EU-GDPR serves as the legal basis. This also applies to processing necessary for the performance of pre-contractual measures.

If processing of personal data is necessary to fulfill a legal obligation to which VZG is subject, Article 6 (1) (c) of the EU-GDPR serves as the legal basis.

If processing is necessary to pursue a legitimate interest of VZG or a third party, and the interests, rights and freedoms of the affected person do not override the first-mentioned interest, Article 6 (1) (f) of the EU-GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Period

The personal data of the affected person will be deleted or blocked as soon as the purpose of storage ceases to apply.

Storage may also occur if this is provided for by the European or national legislator in union law, laws or other regulations to which the responsible person is subject. In this case, the IP addresses of the user’s computer systems will be deleted or anonymized so that the client cannot be identified.

Data will be deleted or blocked when a storage period prescribed by the aforementioned regulations expires, unless storage is necessary for the performance of a contract or the fulfillment of a contract.

In the case of storage of data in log files and via Matamo, this will be the case after at most seven days.

IV. Provision of the Website and Creation of Log Files

1. Description, Scope and Purpose of Data Processing

With each access to the Internet pages of VZG, the system automatically collects data and information from the user’s computer system. The following data is collected:

  • file name of the retrieved file
  • date and time of the retrieval
  • transferred data volume
  • feedback from the browser of the user that they have successfully retrieved the current displayed webpage
  • IP address of the user
  • information about the browser type and version
  • operating system of the user

The data is stored in the log files of the system of VZG. No storage of this data together with other personal data of the user takes place.

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of the information technology systems. An evaluation of the data, in particular for marketing purposes or transmission to third parties, does not take place in this context.

V. E-Mail Contact, Contact, Application and Registration Forms

1. Description and Scope of Data Processing

In the case of contact via the E-Mail addresses, contact, application and registration forms of the GOKB, the personal data of the user transmitted by E-Mail will be stored. The data will be used exclusively for the processing of the conversation. In the case of application and registration forms, the data will be stored as long as it is necessary for the processing of the application or the event. By checking a box, the user agrees that the data provided and transmitted may be stored and processed for the provision of all connected services.

VI. Rights of the Affected Person

If personal data of users is processed, the users are data subjects within the meaning of the GDPR and the following rights apply against the responsible person:

1. Right to Information

Users can request from the responsible person a confirmation of whether personal data, which concerns the user, is being processed.

If such processing exists, the user can request from the responsible person the following information:

  • the purposes for which the personal data is being processed
  • the categories of personal data that are being processed
  • the planned storage period of the personal data or, if specific information on this is not possible, the criteria for determining the storage period
  • the existence of a right to correction or deletion of the personal data, a right to restriction of processing by the responsible person or a right to object to this processing – the existence of a right to lodge a complaint with a supervisory authority

The user has the right to request information on whether the personal data, which concerns the user, has been transmitted to a third country or an international organization. In this context, the user can request information on the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer.

2. Right to Correction

The user has the right to request correction and/or completion of the personal data processed by the responsible person, if the personal data processed by the responsible person, which concerns the user, is incorrect or incomplete. The responsible person must correct the data immediately.

3. Right to Restriction of Processing

Under the following conditions, the user can request the restriction of processing of the personal data, which concerns the user:

  • if the user disputes the accuracy of the personal data, which concerns the user, for a period that allows the responsible person to verify the accuracy of the personal data
  • if the processing is unlawful and the responsible person refuses to delete the personal data and instead requests the restriction of use of the personal data
  • if the responsible person no longer needs the personal data for the purposes of processing, but the user needs the data to assert, exercise or defend legal claims
  • if the user has objected to processing in accordance with Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the responsible person override those of the user

If the processing of the personal data, which concerns the user, has been restricted, these data – with the exception of storage – may only be processed with the consent of the user or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

If the restriction of processing has been restricted in accordance with the above conditions, the user will be informed by the responsible person before the restriction is lifted.

4. Right to Deletion

a) Obligation to Delete

The user can request from the responsible person that the personal data, which concerns the user, be deleted immediately, and the responsible person is obliged to delete the data immediately if one of the following reasons applies:

  • the personal data, which concerns the user, is no longer necessary for the purposes for which it was collected or otherwise processed
  • the user has withdrawn their consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing
  • the user has objected to processing in accordance with Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing
  • the personal data, which concerns the user, has been processed unlawfully
  • the deletion of the personal data, which concerns the user, is necessary to fulfill a legal obligation to which the responsible person is subject

b) Exceptions

The right to deletion does not apply if the processing is necessary:

  • to exercise the right to freedom of expression and information
  • to fulfill a legal obligation to which the responsible person is subject, or to pursue a task in the public interest or in the exercise of official authority conferred on the responsible person
  • to assert, exercise or defend legal claims

5. Right to Information

If the user has exercised their right to correction, deletion or restriction of processing against the responsible person, the responsible person is obliged to inform all recipients to whom the personal data, which concerns the user, has been disclosed of this correction or deletion of the data or restriction of processing, unless this is not possible or would involve an disproportionate effort.

The user has the right to be informed by the responsible person about these recipients.

6. Right to Object

The user has the right to object, for reasons related to their particular situation, at any time to the processing of personal data, which concerns the user, which is based on Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The responsible person will no longer process the personal data, which concerns the user, unless the responsible person can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or the processing is necessary for the assertion, exercise or defense of legal claims.

The user has the possibility to exercise their right to object in the context of the use of services of the information society – regardless of Directive 2002/58/EC – by automated means using technical specifications.

7. Right to Withdraw Consent to Data Protection Declaration

The user has the right to withdraw their consent to the data protection declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint with a Supervisory Authority

Regardless of any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged infringement, if the user considers that the processing of personal data, which concerns the user, is in breach of the GDPR.

The supervisory authority to which the complaint has been lodged will inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.