Data protection


Data Protection Declaration of the Leibniz Institute for Resilience Research (LIR) gGmbH according to the legal requirements of Articles 12, 13, and 14 GDPR

Data protection declaration for website users

 (Version 1, 1st July 2022)

We, the Leibniz Institute for Resilience Research (LIR) gGmbH, will inform you below in accordance with Article 13 of the EU General Data Protection Regulation (GDPR), or in accordance with Article 14 GDPR if the data acquisition is not direct.

We are pleased to fulfil this obligation and inform you in detail and transparently about which personal data is or will be processed by us.

The purpose of the following explanations is to describe what kind of data we process, for which purpose and what your rights are (in accordance with Articles 15 to 22 and Article 34 GDPR).

Controller

Responsible person according to GDPR and the respective national data protection laws of the European member states as well as other national regulations, which concern data protection, is:

Leibniz Institute for Resilience Research (LIR) gGmbH

Wallstraße 7

55122 Mainz

Phone: +49 (0)6131 89448-02

Email: thorsten.mundi@lir-mainz.de

Contact details of the Data Protection Officer:

E-Mail: datenschutzbeauftragte@lir-mainz.de

Phone: +49 (0)6131 89448-08

Scope of application and purpose of data processing

In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

This data protection declaration applies to the website of the LIR gGmbH, which links to this text. This data protection declaration applies to the internet offer www.learning-resilience.de and the contents offered there. For content from other providers, for instance accessible via links, the terms and data protection policies of their websites apply.

Forwarding to another provider

If links to contents of other websites are used on our website, this is recognizable by an appropriate symbol (box with outward pointing arrow) or a text hint. Use of these offers may be subject to conditions other than those described in this data protection declaration.

Cookies, reach analysis, and tracking

As part of the content management system used to provide this website, so-called „session cookies“ are used. These are required to provide certain content in the desired manner. These session cookies are deleted after closing your browser.

When using external content via www.learning-resilience.de, for example, in the case of linking to other sites, third-party cookies may be used by their offer. It is not possible for us to explicitly mention those cookies. The current browsers allow you to set the processing of such cookies, so that you can disable the storage of these cookies or set the type of processing by your browser or delete these cookies.

LIR gGmbH does not use tracking analysis for www.learning-resilience.de.

Social plugins

This website does not use mechanisms that automatically provide information to social media service providers when visiting our service (social plugins).

Any redirections to providers of social media services such as Youtube, Facebook etc. are exclusively via link, so that data about your visit of our website (e.g., IP addresses, time stamps, URL) or on existing data on your device (e.g., cookie information) is transferred to those providers only with a conscious use of the link on our website.

E-mail contact

On the website, contact via the provided e-mail addresses is possible. We are only providing the contact detail and a contact via this website is not possible.

In this case you contact us by e-mail, your transmitted personal data will be processed. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or there exists no other legal basis for processing of the data.

Service providers

Some of the aforementioned processes or services are executed by carefully selected external service providers. We transfer and receive personal data of only on the basis of a separate data protection agreement for processors (according to Article 28 GDPR). If the seat of a service provider is located outside the European Union, a transfer of data to a third country takes place. With these service providers, the respective data protection agreements for the establishment of an adequate level of data protection are contracted and corresponding guarantees agreed.

Hosting of the website

The website is hosted by the following company using appropriate guaranties (based on a data protection agreement according to Article 28 of the GDPR):

1&1 IONOS SE

Elgendorfer Straße 57

56410 Montabaur

Rights of the data subject

As far as one’s personal data are processed, one is according to the GDPR a so-called data subject. If you are the data subject, you have the following rights listed below. The right to negative information is added if we have not saved anything about you.

Information to be provided where personal data is collected

In addition to providing information on whether any data has been stored about you, you have a general right to information. When we are processing your personal data, you can request the following information:

According to the legal wording according to Article 15 GDPR we will inform you upon request about:

Furthermore, we provide you with information about your rights. These are detailed below. You have a right to rectification (Article 16 GDPR) or a right to erasure (Article 17 GDPR) of your personal data. In addition, you have the right to restriction of processing by the controller (Article 18 GDPR) or a right to object to such processing (Article 21 of the GDPR). You have also the right to complain to a supervisory authority (Article 77 DS-GVO).

We also inform you about all available information on the origin of the data, if the personal data are not directly collected from the data subject (Article 14 GDPR).

We will generally not use profiling and will not use your data for automated decision-making in accordance with Article 22 (1) and (4) GDPR.

You also have the right to know whether your personal information is being transferred to a third country or to an international organization. If this is the case, we will inform you about the appropriate guarantees according to Article 46 GDPR regarding the third-country transfer.

Right to rectification

The right to rectification (Article 16 GDPR) and the new right to completion of data are guaranteed if personal data about you is incorrect or incomplete. The correction will be made immediately, which means without any undue delay by us.

Right to restriction of processing

You have the right to restrict the processing of your personal data (Article 18 GDPR). In this case, your data will only be saved and no longer used. According to the law you can assert this right if:

If the processing of your personal data has been restricted, these data may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of major public interest by the Union or a Member State.

As soon as we would like to continue to process the data again, i.e. the restriction of the processing would be cancelled, you will be informed.

Right to erasure

You have the right to request the erasure of your data (Article 17 GDPR) if one of the following cases applies.

We will delete your personal data without undue delay,

Right to be forgotten

If the controller has made the personal data relating to you public and is in accordance with Article 17 (1) GDPR required to erase them, the controller will, by taking the currently available technology into account as well as the implementation costs, inform all instances that are processing the data about your request to delete any links to such personal data as well as copies and replications.

Exceptions to the right of erasure

The right to delete may be restricted. This is the case if the data is required for the following purposes:

Right to notification obligation

If you, as the data subject, exercise the right to rectify, delete or restrict data processing, we as controllers are required to notify each recipient to whom the relevant personal data have been disclosed of the correction or deletion of the data or restriction of processing by the data subject (Article 19 GDPR). However, this does not apply if this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability

You, as the data subject, have the right to request the personal data that you have given to a controller in a structured, standard and machine-readable format (Article 20 GDPR).

Added to this is the right to send this data to a third party of your choice. The controller will not prevent you from transferring the data to the new person responsible, provided that the processing is based on a consent in accordance with Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract according to Article 6 (1) b GDPR the processing is done using automated procedures.

As far as this is technically feasible and the liberties and rights of other persons are not affected by this, you also have the right that your personal data will be transferred directly from the original person responsible to the new person in charge.

However, the right to data portability does not apply in all cases. An example would be if the processing of your personal data is necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.

Right to object

In several situations, you are entitled to a right of objection (Article 21 GDPR) against data processing. You are therefore informed that you have the right to object the processing of your personal data at any time, which was based on Article 6 (1) a and e GDPR or Article 9 (2) a and file your opposition with the controller. In this case, your personal data will no longer be processed, unless the person responsible can prove that there are compelling legitimate reasons that outweigh your interests as a data subject and your rights and freedoms. Likewise, processing may continue if it serves to assert, exercise or defend legal claims.

If the processing of your personal data serves direct marketing purposes you continue to have the right to object at any time to this processing for such advertising.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes under Article 89 (1) GDPR, unless such processing is necessary to fulfil a task of public interest.

Right to withdraw the data protection consent declaration

You have the right to withdraw your consent at any time without giving reasons. The revocation is valid only for the future. This means that by revoking the declaration of consent, the previous processing, until receipt of the revocation of the consent, is not unlawful.

Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subjected to a decision-making process based solely on automated processing in so far as it has a legal effect or similarly affects you in a substantial way (Article 22 GDPR). This also applies to so-called „profiling“.

We generally will not use personal information for profiling or automated decision making.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for you is that of your place of residence. In addition, you are free to assert any other remedies from administrative or civil courts.

The supervisory authority with which you filed your complaint will be pleased to inform you of the current status of the results and to provide you with any legal remedies.

Contact:

Prof. Dr Dieter Kugelmann; Hintere Bleiche 34, 55116 Mainz; Phone: +49 (0)6131 208 24 49;

E-Mail: poststelle@datenschutz.rlp.de

Changes to the data protection declaration

We reserve the right to update our Data Protection Declaration as required and publish it here. The updated statement will become effective upon publication, subject to applicable legislation. If we have already collected data about you that are affected by the change and/or are subject to a statutory information obligation, we will also inform you about significant changes to this data protection declaration.