Dear visitor to the Alfred Wegener Institute, Helmholtz Centre for Polar and Marine Research’s internet portal meereisportal.de:
To ensure your peace of mind while visiting our site, in the following pages we wish to inform you regarding the handling of your personal data. We do not publish your data or transfer it to third parties in any unauthorised manner. Below we will explain which types of data are recorded during your visit and how they are used.
A. General aspects
1. Scope of data processing
Fundamentally speaking, we only collect and use personal data to the extent necessary for operating our website and providing our content and services. The collection and use of visitors’ personal data normally take place after securing their consent. One exception: cases in which the processing of personal data without express consent is permitted by relevant legislation.
2. Legal basis of data processing
To the extent that we require the consent of the affected party for the processing of personal data, Art. 6 Sec. 1 a of the EU’s General Data Protection Regulation (GDPR) provides the legal basis.
With regard to the processing of personal data that is required in order to fulfil a contract involving the affected party, Art. 6 Sec. 1 b GDPR provides the legal basis. This also applies to data processing required for the implementation of precontractual measures.
If data processing takes place in order to fulfil a duty that is in the public interest or was assigned to the site operator in order to enforce and fulfil public law, Art. 6 Sec. 1 e GDPR provides the legal basis.
If the processing is required in order to safeguard the legitimate interests of the Alfred Wegener Institute or a third party, and said interests are not superseded by the interests, fundamental rights and freedoms of the affected party, Art. 6 Sec. 1 f GDPR provides the legal basis for processing.
3. Data storage and deletion
As soon as the purpose of data storage has been fulfilled, the affected party’s personal data is deleted, rendered anonymous or blocked. Data may be stored beyond this point in time when doing so is called for in European, German or other legislation which the AWI is subject to. The data is deleted, rendered anonymous or blocked when one of the storage periods delineated in the above-mentioned norms expires, unless the continuing storage of the data is required in order to conclude or fulfil a contract.
4. Contact information for the responsible party
As defined in the General Data Protection Regulation, national and other data protection regulations, the responsible party with regard to data processing is the:
Alfred Wegener Institute
Helmholtz Centre for Polar and Marine Research
Am Handelshafen 12
Contact form: https://www.awi.de/en/about-us/service/contact.html
5. Contact information for the data protection officer
The AWI’s data protection officer is
B. Website operation and logfiles
In order to continually improve the quality of our website, we store data on individual visits for statistical purposes. The dataset consists of:
- the page where the file is called up from,
- the name of the file,
- the date and time of the request,
- the size of file transferred,
- the access status (file transferred, file not found),
- the browser used,
- the IP address of the computer sending the request
This data is stored in our system’s logfiles. Said data is not stored together with visitors’ other personal data.
The legal basis for the temporary storage of data and logfiles is provided by Art. 6 Sec. 1 e GDPR. The storage of data in logfiles serves to ensure the proper functioning of our website. Moreover, this data is used to optimise the site, do away with errors/bugs, and ensure the security of our IT systems. Accordingly, this data processing is necessary as defined in Art. 6 Sec. 1 e GDPR.
This data is deleted as soon as it is no longer needed in order to fulfil the purpose of its collection. In the case of data required for website operation, this is the case when the respective visit ends. In the case of data storage in logfiles, this is the case after a maximum of seven days. Data may also be stored beyond this point in time; in this case, visitors’ IP addresses are deleted or rendered unrecognisable, making it impossible to link them to the respective clients.
The storage of data required for website operation and the storage of data in logfiles are absolutely necessary. Consequently, visitors have no right to object to said types of storage.
C. Web analytics
- the IP address, which is rendered anonymous through truncation
- two cookies, used to differentiate between types of visitor (_pk_id.44.a4d7 and _pk_ses.44.a4d7)
- previously visited URL (referrer), provided this data is available from the browser
- name and version of the operating system
- name, version and language settings of the browser
With regard to the font used on our website, we have a license from the provider Monotype GmbH, Berlin, which uses its own tracking system to monitor the number of times the license model is accessed. Whenever a website containing the web font tracking script or a similar technology is accessed, not the requesting IP address but the anonymous address IP 0.0.0.0 is transferred to our third-party provider. Consequently, visitors’ personal data is neither collected nor processed. You can find additional information here at Monotype's website.
- visited URLs on the website
- times at which the pages were accessed
- types of HTML requests
- monitor resolution and colour settings
- browser-supported technologies and formats (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)
Data storage and data analysis exclusively take place on a central server operated by the AWI. In addition to our central website www.awi.de, the server is used for the majority of our affiliated project websites.
The legal basis for the processing of visitors’ personal data is provided by Art. 6 Sec. 1 f GDPR. This processing allows us to evaluate visitor behaviour. The analysis of the resulting data allows us to compile information on the use of individual website components, which helps us to continually improve our website and its user-friendliness. These purposes constitute a legitimate interest in the processing of personal data as defined in Art. 6 Sec. 1 f GDPR. By rendering their IP addresses anonymous, visitors’ interests and the protection of their personal data are adequately taken into consideration.
Once the end-of-year sums for the access statistics have been determined, this data is deleted.
Needless to say, you have the right to object to the collection of your personal data. You have the following, separate options for objecting to the storage of your personal data on our central server:
- In your browser, select the “do not track” option. If this setting is selected, our central server will not store any personal data on you. Note: as a rule, the setting only applies to one specific computer and browser; if you use more than one device or browser, you will need to select it separately for each one.
- Use our opt-out function. Click on the following checkbox to deactivate or reactivate data collection. If it is deactivated, our central server will not store any personal data on you. Note: to use the opt-out, we have to save a specific identifier cookie on your browser. If you delete it or use another device or browser, you will need to deactivate data collection again.
This data is not stored together with visitors’ other personal data.
- “_pk_id.44.a4d7” – Matomo ID for tracking
- “_pk_ses.44.a4d7” – Matomo session for tracking
- “fe_typo_user” – TYPO3 cookie, used to differentiate between frontend users
The legal basis for the processing of personal data using cookies is provided by Art. 6 Sec. 1 f GDPR. The purpose of technically required cookies is to make the site easier for visitors to use. Some of our website’s functions cannot be offered without cookies. For these functions, the accessing browser must be identifiable even after the visitor has changed pages. We require cookies for the following functions:
- using the same language settings as the browser: automatic selection of the landing page and spellchecker
- temporarily storing previous entries in forms: terms entered for the in-site search, terms entered in the contact form (Section E)
Visitor data collected via technically required cookies is not used to create visitor profiles. These purposes constitute a legitimate interest in the processing of personal data as defined in Art. 6 Sec. 1 f GDPR.
E. Contact form
Our website features a form for contacting us electronically. If visitors use the form, the information they enter on a voluntary basis is transferred to us and stored. As a rule, this includes their email address, last name and first name. In the course of using the form, we provide information on the concrete processing of personal data and request your consent. In addition, we cite this Privacy Statement. The data is exclusively used to process the conversation.
The legal basis for the processing of personal data in connection with the contact form, provided that visitors grant their consent, is Art. 6 Sec. 1 a GDPR. The processing of personal data entered into the form is exclusively done for the purpose of processing the conversation. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This is the case when the conversation with the respective visitor has ended or their question or request has been processed in full. The conversation is over when it can be assumed that the visitor’s question or request has been answered or attended to. Visitors have the right to revoke their consent to the processing of their personal data at any time by informing one of the listed contact partners.
Your personal data will only be transferred to government institutions and agencies if doing so is legally required or in the context of criminal prosecution following attacks on our network infrastructure. No data is transferred to third parties for other purposes.
F. Rights of affected parties
As an affected party whose personal data is gathered in connection with the above-mentioned services, fundamentally speaking you have the following rights, provided there are no relevant exceptions arising from applicable legislation:
- right to information (Art. 15 GDPR)
- right to correction (Art. 16 GDPR)
- right to deletion (Art. 17 Sec. 1 GDPR)
- right to limit processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object to processing (Art. 21 GDPR)
- right to revoke your consent (Art. 7 Sec. 3 GDPR)
- right to file a complaint with the supervisory authority (Art. 77 GDPR). In the case of the AWI, said authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit, Arndtstraße 1, 27570 Bremerhaven.
G. Social media
Two clicks for more data protection
To protect our visitors’ data and privacy, we use the tried and proven two-click method, also known as the Shariff solution, for recommendations in social networks. Accordingly, our website features inactive buttons that do not transfer any information to social networks. However, visitors have the option of manually activating the buttons and connecting to their preferred network (first click). In a second step, they can submit their recommendation (second click). As such, activating the button in the first step constitutes the visitor’s consent to their data being transferred to the operator of the respective social network for this particular page.
Data protection regulations on the use of Twitter
Components of Twitter are integrated into some parts of our website. Twitter is a multilingual, publicly accessible microblogging service that allows users to post and share “tweets” – short texts limited to 280 characters. These tweets are accessible to anyone, including those who are not registered Twitter users. Through hashtags, links and retweets, Twitter allows a broad audience to be reached.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
When those parts of our website that include integrated Twitter components are accessed, the respective component automatically prompts the visitor’s internet browser to download a version of said component from Twitter. You can find further information on the Twitter Timeline here.
If the visitor in question is simultaneously logged into Twitter, every time a part of our website that includes an integrated Twitter component is accessed, Twitter can recognise which specific subpage of our website was accessed. This information is collected by the Twitter component and matched to the respective Twitter account by Twitter.
Through the component, Twitter is notified whenever the visitor in question visits our website, provided the visitor in question is simultaneously logged into Twitter; this is the case regardless of whether or not the visitor clicks on the component. If visitors do not wish this information to be provided to Twitter, they can prevent it by logging out of their Twitter account before visiting our website.
H. Commissioned processors
We use external service providers (commissioned processors) to maintain our website and for webhosting. In order to ensure the protection of your personal data, we have concluded separate commissioned data processing agreements with each provider.
We work with the following service providers:
- wilhelm innovative medien GmbH, Friedrich-Ebert-Straße 128 b, 42117 Wuppertal
- Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp
- frommo visuelle medien, Wilhelmstraße 40, 42781 Haan
- Monotype GmbH, Spichernstraße 2, 10777 Berlin
09 January 2023