PRIVACY POLICY

Thank you for visiting this website. Data protection and data security for our customers and users are a high priority for us. We comply with data protection regulations, in particular the EU General Data Protection Regulation ("GDPR"), the German Federal Data Protection Act ("BDSG") and the German Telemedia Act ("TMG").

In this data protection information, we explain what information (including personal data) is processed by us during your visit to and use of our aforementioned website ("website").

I. Who is responsible for data processing?

The controller for the processing of personal data under data protection law and service provider within the meaning of the TMG is the Thüringer Universitäts- und Landesbibliothek Jena (hereinafter abbreviated to "ThULB"), Bibliotheksplatz 2, 07743 Jena; Tel. +49 3641 9-404 000. Where this data protection information refers to "we" or "us", this refers to the aforementioned institution. Our data protection officer can be contacted at
Dr. Stefanie Buchmann, Fürstengraben 1, 07743 Jena; stefanie.buchmann(at)uni-jena.de

II. What principles do we observe?

In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.

We may also collect information on this website that does not in itself allow us to draw any direct conclusions about your person. In certain cases - especially when combined with other data - this information may nevertheless be considered "personal data" in the sense of data protection law. Furthermore, we may also collect information on this website that does not allow us to identify you either directly or indirectly; this is the case, for example, with summarized information about all users of this website.

III What data do we process?

You can access our website without directly providing personal data (such as your name, postal address or e-mail address). Even in this case, we need to collect and store certain information to enable you to access our website.

  1. Log files:
    When you visit this website, our web server automatically stores the domain name or IP address of the requesting computer (usually your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and end device(s) you use to view our pages.
  2. Cookies:
    In order to make our website as user-friendly as possible, we - like many well-known companies - use so-called cookies. Cookies are small text files that are stored in the Internet browser you are using. These files help us to recognize certain preferences of our visitors when surfing and to design our site accordingly. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. However, we also use permanent cookies. These are used to improve the user experience. Our cookies do not collect any personal data and are not suitable for identifying you on third-party websites. You can set your browser to inform you about the placement of cookies. In this way, the use of cookies becomes transparent for you. You can also refuse to accept cookies in principle via your browser settings. However, this may mean that you will not be able to use all the functions of the website.
  3. Website analysis via Matomo (formerly Piwik):
    We also use Matomo Open Analytics on our website, a web analysis software from InnoCraft Ltd, 150 Willis St. 6011 Wellington, New Zealand, to continuously improve our website. Matomo also uses cookies, which are stored on your computer, to help the website analyze how users use the site. The information generated by cookies about your use of this website is usually sent to a Matomo server at the ThULB. The IP address of your end device is anonymized and stored on this server in such a way that it cannot be traced back to the person using the website. The information collected is used to evaluate your use of the website in order to compile reports on website activity.
  1. Registration / User account / Subscribers
    When registering as a registered user - in particular when creating a user account - we collect the name and email address as personal data. For a subscription, we store the IP or an IP range and the name of the subscriber. We may request the re-entry of data already collected during registration (in particular for your identification) and collect further personal data if you wish to use certain content on our website.
  2. Communication 
    In order to ensure communication with our users, we process all information that you have provided to us when contacting us or that we have requested from you (e.g. your name, address and other contact details); in addition, we store the reason for contacting us.

IV. For what purposes and on what legal basis do we process your data?

  1. the processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15 (1) TMG.
  2. the data collected via cookies (including web analysis with Matomo) and the pseudonymous user profiles are processed for the purposes of operating, improving and customizing our website on the basis of Section 15 (3) TMG.
  3. we may also process the data stored in connection with the use of our website and for the purpose of communication in order to fulfill legal obligations to which we are subject, this is done on the basis of Article 6 paragraph 1 c) GDPR.
  4. if necessary, we also process your data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this is done on the basis of Article 6 paragraph 1 f) GDPR. Our legitimate interests include in particular
    1. the assertion of legal claims and defense in legal disputes;
    2. ensuring consumer-friendly communication in the cases of III.9;
    3. the prevention and investigation of criminal offenses;
    4. the management and further development of our business activities, including risk management.


V. Am I obliged to provide data?

In order to ensure user-friendly communication, at least your name and email address are required.

If we collect additional personal data from you, we will inform you at the time of collection whether the provision of this information is required by law or contract. As a rule, we mark the information that is provided voluntarily and is not based on one of the aforementioned obligations.

VI. Who receives my data?
Your personal data is always processed within our systems. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. These include, in particular, the specialist departments involved in providing our digital services (e.g. websites) and our IT department. A role and authorization concept limits access within the ThULB to those functions and the scope required for the respective purpose of processing.

We may also transfer your personal data to third parties outside the ThULB to the extent permitted by law.These external recipients may include in particular

  • affiliated institutions to which we transfer personal data for internal administrative purposes;
  • the service providers engaged by us who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
  • non-public and public bodies, insofar as we are obliged to transfer your personal data due to legal obligations.

VII. Is automated decision-making used?

In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent required by law.

VIII. Is data transferred to countries outside the EU / EEA?

Your personal data is generally processed within the EU or the European Economic Area.

IX. How long will my data be stored?

We store your personal data as long as we have a legitimate interest in this storage and your interests in not continuing the storage do not outweigh this.

Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to fulfill retention obligations). We will also delete your personal data without any action on your part as soon as it is no longer required to fulfill the purpose of the processing or the storage is otherwise legally inadmissible.

As a rule

  • the log data is deleted within 30 days, unless further storage is required for statutory purposes such as the detection of misuse and the detection and elimination of technical faults;
  • the data processed in connection with a registration as a user is deleted after termination of the registration or with the deletion of the user account. The personal data that we must store to fulfill retention obligations will be stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the fulfillment of retention obligations, this data is generally blocked so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation.

X. What rights do I have?

As a data subject, you have the right

  • to information about the personal data stored about you, Art. 15 GDPR;
  • to rectification of inaccurate or incomplete data, Art. 16 GDPR;
  • to the erasure of personal data, Art. 17 GDPR;
  • to restriction of processing, Art. 18 GDPR; to data portability, Art. 20 GDPR, and
  • to object to the processing of personal data concerning you, Art. 21 GDPR.

To exercise these rights, you can contact us at any time - e.g. via one of the contact channels listed at the beginning of this data protection information.

If you have any questions about the processing of your data, you can also contact our data protection officer.

You are also entitled to lodge a complaint with a competent supervisory authority for data protection, Art. 77 GDPR.