Data Protection

1. Scope

This data protection statement applies to the website of the DIPF | Leibniz Institute for Research and Information in Education under https://www.dipf.de as well as all sites and profiles of DIPF whose data protection statements refer to this page (https://www.dipf.de/en/data-protection). For all external websites that are e.g. linked from this page, corresponding data protection and privacy statements apply. DIPF collects and processes all data on its websites solely according to current regulations and laws, especially those defined in the European General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

2. Operator of the internet service

This website is operated by the DIPF | Leibniz Institute for Research and Information in Education. DIPF holds responsible for processing the personal data that are assessed via this website. You will find the address and contact data in the imprint.

3. Responsible data protection officers

If you have any questions concerning data protection on the German Education Portal, please contact our data protection officers. You can thus find out which data are stored. You are moreover always welcome to send your enquiries, requests for deletion and correction regarding your data but also any suggestions via e-mail or letter, to the following address:

Viktorija Meinel (Ass. jur.)
gds Gesellschaft für Datenschutz Mittelhessen mbH (gds Ltd.)
Auf der Appeling 8, 35043 Marburg a.d. Lahn
Fax: 06421-804-13-18
Email: TWVpbmVsQGdkc20uZGU=

4. Lawful basis for data processing and handling of your data

DIPF will use the data assessed via this website to deliver the services offered, and users will thus be able to avail themselves of these services.

Legally, the partly temporary storage of data and log files is based on points a) and f), article 6 paragraph 1, GDPR. Personal data which we acquire for the purpose of delivering particular services are only assessed after you have given your consent to the assessment, storage and processing of these data according to the terms of use and pursuant to point a), article 6 paragraph 1, GDPR.

Personal data assessed by this website will not be transmitted to any third party if you have not given your consent to such a measure.

5. Collected data

You are principally able to use our website without submitting personal data. If personal data are assessed on our website, they are always submitted on a voluntary basis. The respective data will not be transmitted to third parties unless you have given your consent.

Each time this website is accessed and used, data and information are assessed and stored in server log files. The following data can be assessed:

  • IP address,
  • Information concerning the type and version of the browser,
  • Date and time of access,
  • Internet service provider of user,
  • Operating system of user,
  • Websites from which the user’s system accesses our site,
  • Websites that are accessed by the user’s system via our website.

6. Duration of storage

Temporary storage of IP addresses is necessary for delivery of the website to the user’s device. The user’s IP address needs to be stored for the duration of a session. To assure functionality of the website, data are stored in log files also to optimise contents and assure safety of our information technological systems. Data are deleted as soon as they are no longer needed for the purpose of assessment. In the case of assessing data for the provision of this website, this means that data will be deleted after a session has ended. Data that are stored in log files will be deleted after a maximum period of seven days. It is possible to store data beyond this period, but in these cases the user’s IP address will be extinguished or made unrecognisable. The data can thus no longer be used to identify the accessing client.

7. Your rights

As a user of this internet service, you are entitled to the following rights pursuant to chapter 3 GDPR:

7.1 Right of access

Pursuant to article 15 GDPR or § 52 HDSIG (Hessisches Datenschutz- und Informationsfreiheitsgesetz), you can request information regarding your personal data we store. To assist us in compiling the necessary data, we kindly ask you to specify details concerning your application. Please bear in mind that your right of access is limited by regulations outlined in §§ 24 (2), 25 (2), 26 (2) and 33 HDSIG, § 52 (2 to 5) HDSIG.

7.2 Right to rectification

If the data concerning yourself are not (or no longer) applicable, you can demand its correction pursuant to 16 GDPR or § 53 HDSIG. If your data are incomplete, you can demand their completion.

7.3 Right of erasure

Subject to conditions outlined in article 17 GDPR and §§ 34, 53 HDSIG, you can demand the erasure of your personal data.

7.4 Right to restriction of processing

Pursuant to the regulations outlined in article 18 GDPR or § 53 HDSIG, you have a right to demand the restriction of processing of your personal data.

7.5 Right to data portability

Pursuant to article 20 GDPR, you have a right to receive your personal data, which you have provided to us, in a structured, common and machine readable format. You are moreover entitled to transmit these data to another provider (controller), without being hindered by the controller who was first provided these data, in as far as

(1) Processing is based on consent pursuant to point a, article 6 (1) GDPR or point a, article 9 (2) GDPR or a contract pursuant to point b, article 6 (1) GDPR and
(2) Processing is carried out by automated means.

In exercising the above right, you are furthermore entitled to have your data directly transferred from one controller to another, if this is technically feasible. Freedoms and rights of others shall not be adversely affected.

7.6 Right to object

Pursuant to article 21 GDPR, for reasons given by your specific situation, you have a right to object to the processing of your personal data at any time, following from point e) or f), article 6 (1).

7.7 Right to complain

If you think that we have not regarded a data protection regulation in processing your data, you can send a complaint to the supervisory data protection and freedom of information officer of the federal state of Hessen, who will handle your complaint, see article 77 GDPR, § 55 HDSIG.

Email address of state data protection officer: UG9zdHN0ZWxsZUBEYXRlbnNjaHV0ei5IZXNzZW4uZGU=

8. Security advice

Please note that the transmission of data via internet (e.g. communication via email) might be vulnerable to security flaws. It is impossible to assure that data will not be accessed by third parties. Hereby, we strictly object to the usage of contact data published in the compulsory imprint by third parties, for the purpose of transmitting unrequested advertisements and information materials. The providers of this website reserve their right to prosecute, in the case of receiving unrequested advertisement, for instance via spam mails.

9. Details concerning web analysis and social media platforms

Data protection concerning Matomo

This website uses Matomo, an open source software for the statistical analysis of user access. Matomo uses so-called "cookies", i.e. text files that are stored on your computer and enable an analysis of your usage of the website. The cookie generates information about your usage of the site, which is stored on our server. The IP address is immediately anonymised after processing, prior to storage.  You can prevent storage of cookies by a specific browser setting but we would like to inform you that you might not be able to fully access and use all the functionalities of our website if your browser prevents cookies.

Objection to assessment via Matomo

If you decide to object to assessment of data via Matomo, click onto the following link to place the Matomo deactivation cookie in your browser.

10. Sentry

We use the serice Sentry (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the stability of our service by monitoring system stability and identifying code errors. Sentry serves these goals alone and does not evaluate any data for advertising purposes. User data, such as information about the device or the time of the error, is collected anonymously and used in a non-personal manner and then deleted.