1. Scope of personal data processing

As a matter of principle, we collect and use our users' personal data only to the extent necessary to provide a functional website and to furnish our content and services. We collect and use our users' personal data only where the processing is permitted by law or with the user's consent.

2. Legal basis for processing of personal data

Where we obtain the data subject's consent to personal data processing procedures, Art. 6 para. 1 lit. a GDPR serves as legal basis.

For processing of personal data required for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR serves as legal basis. The same applies to processing procedures in order to take steps prior to entering into a contract.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as legal basis.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 para. 1 lit. d GDPR serves as legal basis.

Where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.

3. Data erasure and storage period

The data subject's personal data is erased or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this date if required by European or national legislation in European Union regulations, statutes or other provisions of law to which the controller is subject. If legal retention obligations exist, for example, the personal data will be stored until expiry of the retention obligation and then deleted. If the purpose for storing the data still applies, the data will be blocked until the purpose no longer applies and then erased.

4. Sharing of data

Should we, while processing data, disclose, transmit or otherwise grant access to the data to other persons and companies (processors or third parties), this will be done only on the basis of legal authorisation or a legal obligation or on the basis of our valid interests or your consent. In the following cases, our data processing will be performed by a service provider subject to our instructions who is bound by the provisions of data protection legislation and may not use the data for another purpose:

• Web hosting
• Website design and layout

In the event that we engage third parties to process data on the basis of a "Processing Contract", this will be undertaken on the basis of Art. 28 GDPR.

If during use of third-party services data is processed in a third country, this will occur only either to fulfil our (pre-) contractual obligations, a legal obligation or on the basis of our vital interests or with your consent. Subject to legal or contractual authorisation, we will process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met, for example if the processing is carried out on the basis of special guarantees or in compliance with officially recognised special contractual obligations.

1. Description and scope of data processing

Each time our website is requested, our system automatically gathers data and information from the computer system of the computer sending the request.

For technical reasons, the following data, among other information, is captured and stored in server-side log files when our website is visited:

• Date and time of access
• IP address used for access
• Operating system used
• Browser type and version
• Website, linking to our site (referrer URL)
• Page of our site visited

Some of this data is provided by your browser. The data is not combined with other data sources.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The system's temporary storage of the IP address is necessary to enable delivery of the website to the user's computer. This requires storing the user's IP address for the duration of the session. These purposes also comprise our legitimate interest in processing the data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Storage period

The data will be deleted as soon as it is no longer needed to accomplish the purpose for which it was collected. In the case of data collection for providing the website, this is the case when a given session has ended.

5. Options for objection and removal

The collection of data to provide the website and the storage of data in log files is indispensable for the operation of the site. Consequently, there is no opportunity for the user to object.

1. Description and scope of data processing

Our website uses cookies. Cookies are small text files stored by the websites you visit on your computer, tablet or smartphone in your internet browser or by the browser on the user's computer system. Cookies are often used to enable website functions, to improve the user experience and to make certain information available to website operators. If a user requests a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic sequence of characters that enables the browser to be uniquely identified if it requests the website again.

We use cookies to maintain your current work session in the application ("session cookies"). These cookies are deleted as soon as you close the browser window, at latest.

Beyond the duration of a work session, we store the notes or bookmarks that you yourself have created in the application as well as the last 15 addresses (documents) you have requested in the application. We may also store settings you have made in the application to make them permanent. This information is associated with your user name. If multiple people share a login, all of them will have access to this information.

2. Legal basis for the data processing

The legal basis for the use of cookies in processing personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose for the use of technically necessary cookies is to make the use of websites easier for the user. Certain functions of our website could not be offered without the use of cookies. These require the browser to be recognised after moving from one page to another. The user data collected by means of technically necessary cookies is not used to compile user profiles.

The purposes mentioned also comprise our legitimate interest in the processing of the personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Storage period, options for objection and removal

Cookies are stored on the user's computer and transmitted from there to our site. This means you as user have full control over the use of cookies. By changing the settings in your web browser you can disable or restrict the transmission of cookies. Cookies already stored on your system can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may no longer be possible to use all functions of the website fully.

You can configure your browser settings to refuse cookies, delete them from your computer, block them or activate a function to ask you before setting any cookie. Accepting cookies is not required to visit our website. Please note, however, that certain functions of our website may be limited.

1. Description and scope of data processing

If you send us an email, we will collect and process the personal data that you send us within the email. This may, for example, include your first name, surname, postal address, telephone number, email address and the contents of your message or notice if they include data about yourself. This is done so we can communicate with you if you have contacted us, for example by answering your questions, processing orders or providing information you have asked for.

No data is shared with third parties in this case. The data is used exclusively to process the conversation.

2. Legal basis for the data processing

The legal basis for processing of data transmitted in sending an email is Art. 6 para. 1 lit. f GDPR. If the aim of the email contact is to execute a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis for the processing.

3. Purpose of data processing

Our sole purpose for processing the personal data is to carry out the procedures for establishing contact. This also comprises the requisite legitimate interest in the processing of the data.

4. Storage period

The data will be deleted as soon as it is no longer needed to accomplish the purpose for which it was collected. This is the case when the given conversation with the user is finished. The conversation is finished when it can be concluded from the circumstances that the matter in question has been conclusively settled.

The additional personal data gathered during the sending process will be deleted within no longer than seven days.

5. Options for objection and removal

The user has the option of withdrawing consent to the processing of the personal data at any time. If the user contacts us by email, he or she may object to the storage of his or her personal data at any time. In such a case the conversation will not be continued.

1. Description and scope of data processing

On our website we offer users the option of registering by entering personal data. This data is entered in an input form, transmitted to us and stored. The data is not shared with third parties.

The following data is collected as part of the registration process:

• Contact person's first name and surname
• Email address (= username)
• Institution
• Location of institution
• Password
• Password confirmation

The following data is also stored at the time of registration:

• The user's IP address
• Date and time of registration

2. Legal basis of data processing

If the registration aids in the performance of a contract to which the user is party or in taking steps prior to entering into a contract, the legal basis for processing of the data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

User registration is required to keep certain content and services on our website ready and/or is needed for performance of a contract with the user or to take steps prior to entering into a contract.

4. Storage period

The data will be deleted as soon as it is no longer needed to accomplish the purpose for which it was collected. For the data collected in the registration process, this is the case if the registration on our website is cancelled or modified. This is the case during the registration process for performance of a contract or to take steps prior to entering into a contract if the data is no longer required to carry out the contract. It may still be necessary after concluding the contract to store the contracting party's personal data to fulfil contractual or legal obligations.

5. Option to object or remove

As user you have the ability to cancel registration at any time. You can have the stored data about you modified at any time. If the data is required for performance of a contract or to take steps prior to entering into a contract, it can be prematurely deleted only where no contractual or legal obligations preclude deletion. As user you have the ability to cancel registration at any time. You can have the stored data about you modified at any time.

1. Right of access

You can obtain confirmation from the controller as to whether or not personal data concerning you is being processed by us.

If such data is being processed, you can obtain the following information from the controller:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipient to whom your personal data has been or will be disclosed;

(4) the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing by the controller or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to its source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information as to whether your personal data is being transferred to a third country or to an international organisation. If so, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right of rectification

You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller must carry out the rectification without delay.

3. Right to restriction of processing

You have the right to obtain restriction of processing of your personal data where one of the following applies:

(1) if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims, or

(4) if you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing of your personal data has been restricted, the data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted pursuant to the above-mentioned conditions, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

1. You can obtain from the controller the erasure of your personal data without delay, and the controller has the obligation to erase such data without delay where one of the following grounds applies:

   (1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

   (2) You withdraw the consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

   (3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

   (4) Your personal data has been unlawfully processed.

   (5) Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

   (6) Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

   Where the controller has made your personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you as data subject have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

2. The right of erasure does not apply to the extent that processing is necessary:

   (1) for exercising the right of freedom of expression and information;

   (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

   (3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

   (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, in so far as the right referred to in Section VII. 4.a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

   (5) for the establishment, exercise or defence of legal claims.

5. Right of notification

If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you further have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into, or for performance of, a contract between you and the data controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in sections (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The national data protection supervisory authority responsible for the controller can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.