You are here: Home / Data Protection

Data Protection

1. Name and address of data controller

The data controller in the sense intended by the General Data Protection Regulation and other national data protection laws of the European Union member states and various data protection regulations is:

Kommission Erforschung kondensierter Materie mit Großgeräten

Christian-Albrechts-Universität zu Kiel
Christian-Albrechts-Platz 4
24118 Kiel, Germany

2. Legal basis for the processing of personal data

Insofar as we obtain permission from the data subject for the processing of their personal data, the legal basis is art. 6 para. 1 a of the EU's General Data Protection Regulation (GDPR).

Where processing is in our legitimate interests or those of a third party, and the interests and basic rights and freedoms of the data subject do not outweigh such interests, the legal basis for the processing is art. 6 para. 1 f GDPR.

3. Scope of personal data processing

In the following, we distinguish between data that are collected for technical reasons on the website sni-portal (logfiles and language cookies, see. chapter 4) and address data that were collected before Octiber 2018 on the old website or that we got fom other sources after the consent of the user (chapter 5). For all data, the user has rights as described in chapter 6.

4. Provision of website

4.1 Creation of logfiles

Every time a user accesses our website, our system automatically captures the following data and information about the user's computer system:

  • Browser type and version
  • User's operating system
  • User's Internet service provider
  • User's IP address
  • Date and time of access
  • Websites accessed by user from our website

This data is stored in our system's logfiles. It is not stored with other personal data relating to the user.

Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is art. 6 para. 1 f GDPR.

Purpose of data processing

The temporary storage of the user's IP address in our system for the duration of the user's session is necessary to ensure our website can be delivered to the user's computer. 

Data is stored in logfiles to guarantee the functionality of our website. The data also helps us to optimise our website and ensure our IT systems are secure. The data is not in this context used for marketing purposes.

The aforementioned aims also constitute our legitimate interest in data processing as per art. 6 para. 1 f GDPR.

Duration of storage

Data is deleted as soon as it is no longer required for the purpose for which it was collected. Where data is captured for the purposes of making the website available,  it is deleted when the user's session ends.

Where data is stored in logfiles, it is deleted after six weeks, although it may be saved for up to three months at the lastest. 

Objection and removal

The capture of the data for the provision of the website and the storage of data in logfiles are necessary for the functioning of our website. The user therefore has no right of objection.

4.2 Use of cookies
Description and scope of data processing

Some of our websites/web applications use cookies. Cookies are text files that are saved on the user's computer system in or by the browser software. If a user accesses a website, a cookie can be stored on their operating system. This cookie contains a unique identification code that enables the user's browser to be recognised when the user revisits the website. 

We use cookies to make our website more user-friendly. Language settings are saved in the cookies. 

Legal basis for data processing

The legal basis for using cookies to process personal data is art. 6 para. 1 f GDPR.

Purpose of data processing

We use cookies for technical reasons in order to make use of the website easier for users. Without cookies, language settings of our website will not work. These functions require that, when you return to our site, your browser is recognised.

These purposes also constitute our legitimate interest in the processing of personal data as per art. 6 para. 1 f GDPR.

4.3. Web analysis

When needed, we analyse users' surfing behaviour using software for evaluating logfiles. The software runs solely on our servers. Users' personal data is stored only there and is not shared with any third party.

The software is used in such a way that IP addresses cannot be saved in full. It is therefore not possible to match the abbreviated IP address to the accessing computer.

Legal basis for the processing of personal data

Legal basis for the processing of personal data is art. 6 para. 1 f GDPR.

Purpose of data processing

Processing users' personal data enables us to analyse their surfing behaviour. Evaluating this data enables us to compile information about the use of individual elements of our websites, which in turn aids the continuous improvement of our websites and their user-friendliness. This is also the basis for our legitimate interest in the processing of data as per art. 6 para. 1 f GDPR. In anonymising IP addresses we pay due regard to the users' interest in the protection of their personal data.

4.4. Contact form and email address

Our website uses contact forms that can be used for contacting us electronically. If you use these forms, the information you enter will be transferred to and saved by us, i.e.

  • Name
  • Email address
  • Message content

When you send the message, the following data is saved:

  • Your IP address
  • Date and time

As part of the despatch process, your consent for the processing of your data will be obtained and you will be referred to this data protection statement. 

Alternatively you can contact us via the email address provided, in which case the personal data transmitted with the email will be saved.

This process will not involve any sharing of your data with third parties. Your data will be used solely for the processing of the conversation between us. 

Legal basis for data processing

Subject to your consent, the legal basis for the processing of data is art. 6 para. 1 a GDPR.

The legal basis for the processing of data transmitted as part of the sending of an email is art. 6 para. 1 f GDPR. Where the email contact is for the purposes of contract formation, the further legal basis is art. 6 para. 1 b GDPR.

Purpose of data processing

The personal data from the input fields is processed by us solely for the purpose of handling the matter in question. Where contact is made via email, the condition of legitimate interest in data processing is also satisfied. 

The processing of other personal data as part of the despatch process serves to prevent misuse of the contact form and to ensure our IT systems are secure. 

Duration of storage

Your data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data collected from the input fields of the contact form and for personal data sent to us via email, this deletion occurs when the conversation with you has ended. A conversation is deemed ended when it is reasonable to assume that the matter in question has been satisfactorily dealt with.

Objection and removal

You can at any time withdraw your consent for the processing of our personal data. If you contact us via email, you can object at any time to the storage of your personal data. If you do so, our conversation cannot be continued.

Every contact form contains a contact email address. By writing to this address you can revoke your consent or object to the storage of your personal data. All personal data stored as part of the contact process will then be deleted.

4.5. Surveys

On our website, we will conduct surveys from time to time. Surveays use contact forms that can be used for contacting us electronically. If you use these forms, the information you enter will be transferred to and saved by us. The entry of the email address is optional. It will only be used for clarifying questions on the survey data. We will not pass the email addresses on to any third parties. The other data will be evaluated anonymously. The user agrees to the statistical usage of his data by taking part in the survey.

Legal basis for data processing

Subject to your consent, the legal basis for the processing of data is art. 6 para. 1 a GDPR.

The legal basis for the processing of data transmitted as part of a survey is art. 6 para. 1 f GDPR.

Purpose of data processing

The personal data is processed by us solely for the purpose of handling the matter in question. Where contact is made via email, the condition of legitimate interest in data processing is also satisfied. The user is informed on the purpose of the survey before taking part.

Duration of storage

Your data is deleted as soon as it is no longer required for the purpose for which it was collected.

Objection and removal

You can at any time withdraw your consent for the processing of our personal data. If you contact us via email, you can object at any time to the storage of your personal data. All personal data stored as part of the survey will then be deleted.

5. Address data

The user representations (committees) who run the sni-portal keep the user addresses in a database. Unitl Octiber 2018, the users could enter, change or delete them using web forms on the old website. This is not possible on the new website. To prevent unwanted access from outside, users have to send their addresses by email.

The saved data usually comprises:

form of address

title

name

email address

postal address

newsletter (yes or no)

eligibility to vote (yes or no)

remark (e.g. data source)

date and time of registration

date and time of last change

All users whos data we save are informed about the source of the data, thepurpose of use and the possibility of changing or deleting the data ba email. This email also contains a link to this data protection information.

When we process your data for the purposes of sending the newsletter, we do not share any data with any third party. The data is used solely for the sending of the newsletter.

The postal addresses are used for the election of the committees. Only for this purpose, the addresses are safely transmitted to PT DESY. From there, the addresses will not be passed on to third parties under any circumstances.

Legal basis for data processing

Subject to your consent, the legal basis for the processing of data after you have subscribed to the newsletter and election is art. 6 para. 1 a GDPR.

Purpose of data processing

Your email address is collected for the purpose of sending the newsletter.

Duration of storage

Data is deleted as soon as it is no longer required for the purpose for which it was collected. Therefore your email address will be held only for as long as your subscription is active or until emails are returned undeliverable. The postal address of the user will be kept as long as the committees conduct postal elections, or until letters and emails are returned undeliverable.

Objection and removal

Subscription to the newsletter can be terminated at any time. Also registration as voter can be terminated without giginv any reason at any time. In both cases users should send email to the sni webmaster.

6. Rights of data subject

If your personal data is processed, you are a data subject in the sense intended by the GDPR and you have the following rights in your relationship with the data controller:

6.1. Right to be informed

You have the right to be informed by the data controller whether your personal data is being processed. 

If your data is being processed, you have the right to the following information from the data controller:

(1) The purposes for which the personal data is being processed;

(2) The categories of personal data being processed;

(3) The recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) The intended duration of storage of the personal data or, if this information is not available, the criteria for determining the duration;

(5) The existence of your right to the correction or deletion of your personal data, your right to the restriction of its processing by the data controller and your right to object to such processing;

(6) The existence of your right to complain to the supervisory authorities;

(7) All available information on the origin of the data insofar as the data was not collected from the data subject;

(8) The existence of automated decision-making including profiling as per art. 22 para. 1 and 4 GDPR and, at least in such cases, meaningful information on the logic involved and the scope and intended effect of such processing for the data subject. 

You have the right to know if your personal data is transferred to a non-EU country or an international organisation. In this context you have the right to be informed of the relevant guarantees that under art. 46 GDPR are to be provided for the transfer of data. 

This right to be informed can be restricted insofar as is there is reason to believe it might jeopardise research or statistical aims and if such restriction is necessary to meet such aims.

6.2. Right to correction

You have the right to have your personal data corrected or completed by the data controller. Correction must be carried out by the data controller immediately.

This right to correction can be restricted insofar as is there is reason to believe it might jeopardise research or statistical aims and if such restriction is necessary to meet such aims.

6.3. Right to restriction of processing

You have the right to the restriction of the processing of your personal data subject to the following criteria:

(1) You dispute the accuracy of your personal data for a period of time that allows the data controller to check the accuracy of the data concerned;

(2) The processing is unlawful and you decline to have the personal data deleted and instead request that the use of the data be restricted;

(3) The data controller no longer requires the personal data for the purposes originally intended but nonetheless needs it for the assertion of rights or the bringing of or defence against claims; or

(4) You have objected to processing as per art. 21 para. 1 GDPR and it has not yet been established whether the legitimate interests of the data controller outweigh your interests.

Where the processing of your personal data is restricted, this data may (apart from being stored) be processed only with your consent or for the assertion of rights or the bringing of or defence against claims or for the upholding of the rights of another natural or juristic person or on the grounds of significant public interest within the European Union or a member state.

Where processing is restricted in accordance with the aforementioned criteria, the data controller will inform you prior to the removal of such restriction. 

Your right to the restriction of data processing can itself be restricted insofar as there is reason to believe it might jeopardise research or statistical aims and if such restriction is necessary to meet such aims.

6.4. Right to deletion
Obligation to delete

You have the the right to the immediate deletion of your personal data by the data controller, provided that:

(1) The data concerned is not longer required for the purposes for which it was originally collected or has otherwise been processed;

(2) You revoke the consent on which under art. 6 para. 1 a or art. 9 para. 2 a GDPR processing was based and there is no other legal basis for the processing.

(3) Under art. 21 para. 1 GDPR you object to processing and there are no legitimate grounds for processing that take priority, or your objection to processing is based on art. 21 para. 2 GDPR;

(4) Your personal data has been processed unlawfully;

(5) The deletion of your personal data is necessary for compliance with a legal obligation under European Union law of the law of a member state to which the data controller is subject;

(6) Your personal data has been collected in relation to services offered as part of the information society as per art. 8 para. 1 GDPR.

Sharing of information with third parties

Where the data controller has published your personal data and is required under art. 17 para. 1 GDPR to delete it, it must, with due regard to the technology available and the costs of implementation, put in place appropriate measures (including technical ones) to inform those responsible for processing your personal data that you, the data subject, have exercised your right to have all links to or copies of your personal data deleted.

Exceptions

You have no right to the deletion of your personal data where its processing is required:

(1) For the exercise of the right to freedom of expression or information;

(2) For compliance with a legal obligation that makes processing necessary under the law of the European Union or the law of a member state to which the data controller is subject or for compliance with an order in the public interest or with an official requirement to which the data controller is subject;

(3) On grounds of public interest as it relates to public health as per art. 9 para. 2 h and i as well as art. 9 para. 3 GDPR;

(4) For archiving purposes or scientific or historical research purposes that are within the public interest or for statistical purposes as per art. 89 para. 1 GDPR, insofar as the rights specified under a) are likely to jeopardise the realisation of the aims of this processing; or

(5) For the assertion of or defence against claims or the exercise of rights.

6.5. Right to be informed

If you exercise your rights to have the data controller correct or delete your personal data or to restrict its processing, the data controller must inform all recipients to whom your personal data has been disclosed that you have exercised the aforementioned rights, unless to do so is impossible or would involve disproportionate cost or effort.

You have the right to be informed by the data controller who these recipients are.

6.6 Right to data portability

You have the right to receive in a current, structured and machine-readable form the personal data that you have provided to the data controller. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom you provided the data, provided:

(1) The processing is based on consent under art. 6 para. 1 a GDPR or art. 9 para. 2 a GDPR or on a contract as per art. 6 para. 1 b GDPR; 

(2) The data processing is automated.

In exercising this right you further have the right, insofar as is technically feasible and insofar as the rights and freedoms of third parties are not infringed, to have your personal data transferred directly from one data controller to another.

The right to data portability does not apply where personal data needs to be processed in order to comply with an order in the public interest or that is required on official orders to which the data controller is subject. 

6.7. Right to object

You have the right at any time and on grounds unique to you to object to the processing of your personal data as based on art. 6 para. 1 e or f GDPR. This right also includes any profiling based on these regulations.

The data controller will then cease to process your personal data unless it can prove compelling grounds for processing that outweigh your interests, rights and freedoms or unless the processing serves the assertion of or defence against claims or the exercise of rights.

Where your personal data is processed for direct marketing purposes, you have the right at any time to object to such processing, including to any profiling related to such direct marketing.

If you do raise such objection, your personal data will not be processed for direct marketing purposes. 

In connection with the use of information society services, and regardless of Directive 2002/58/EC, you can exercise your right to object by using automated processes for which technical specifications are used. 

You further have the right to object on grounds specific to you to the processing of your personal data, as per art. 89 para. 1 GDPR, for the purpose of historical or scientific research or for statistical purposes.

Your right to object can be restricted insofar as is there is reason to believe it might jeopardise research or statistical aims and if such restriction is necessary to meet such aims.

6.8. Right to revoke your declaration of consent as given under data protection law

You have the right to revoke at any time your declaration of consent as given under data protection law. Such revocation will not affect the lawfulness of any data processing carried out prior to the revocation on the basis of your consent. 

6.9. Right to complain to a supervisory authority

Without prejudice to any other legal or judicial remedy, you have the right to complain to a supervisory authority, especially one in the EU member state where you live or work or where the alleged infringement has taken place, if you believe that the processing of your personal data is in breach of the GDPR. 

The supervisory authority to which the complaint is submitted will keep you informed as to the status and outcome of your complaint, including your options for judicial remedy as per art. 78 GDPR.