Privacy policy

Scope
This privacy policy applies to the web presence of the Gotha Research Library, the Gotha Research Center, the Institute for Transcultural Studies Research of the University of Erfurt, and the Foundation Friedenstein Gotha, accessible at www.gotha.digital. The digital presentation of this content is carried out in accordance with the cooperation agreement between the Universities of Erfurt and Jena, as well as the Thuringian University and State Library in Jena.

We appreciate your visit to this website. Data protection and security are of great importance to us for our customers and users. We comply with data protection regulations, in particular the EU General Data Protection Regulation („GDPR“), the Federal Data Protection Act („BDSG“) and the Telemedia Act („TMG“) - available only in German.

This privacy policy explains what information (including personal data) we process during your visit and use of our services.
 
Who is responsible for data processing?

The responsible parties for data protection are:

The Thuringian University and State Library in Jena is the executing organization for processing personal data and service provider according to the TMG.
Bibliotheksplatz 2
07743 Jena
Tel. +49 3641 9-404 000
The Data Protection Officer can be contacted at: datenschutz(at)uni-jena.de

University of Erfurt, represented by the President, Prof. Dr. Walter Bauer-Wabnegg
Nordhäuser Str. 63
99089 Erfurt
The data protection officer can be contacted at: datenschutz(at)uni-erfurt.de

Foundation Friedenstein Gotha
Civil Law Foundation
Schlossplatz 1
99867 Gotha
Our data protection officer can be contacted at: datenschutz(at)stiftung-friedenstein.de

Wherever this data protection information refers to "we" or "us", this refers to the above-mentioned institutions.

What principles are observed?
In compliance with the data protection regulations, we only process your personal data if a legal provision allows us to do so or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.

On this website, we may also collect information which in and of itself does not allow us to draw any direct conclusions about your person. In certain cases – particularly in combination with other data – this information can nevertheless be regarded as ”personal data” within the meaning of data protection law. We may also collect information on this site that does not allow us to identify you directly or indirectly, such as aggregate information about all users of this Site.

What data are processed?
You can access our website without directly providing any personal data (such as your name, address or e-mail address). Even in this case, we must collect and store certain information to enable you to access our website.

1. Log files:
When you visit this website, our web server automatically records the domain name or the IP address of the requesting computer (usually your Internet service provider), including the date, time and duration of your visit, the subpages/URLs that you visit, as well as information about the applications and devices that you use to view our website.

2. Cookies:
In order to make our service as user-friendly as possible, we, like many well-known companies, use so-called cookies. Cookies are small text files that are stored in your Internet browser. These files help us to recognise certain preferences of our visitors while surfing and to design our site accordingly. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. We also use permanent cookies. These are used to improve the user experience. Our cookies do not collect any personal data and are not suitable for identifying you on third-party websites. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can also use your browser settings to refuse to accept cookies. However, this may mean that you will not be able to use all the functions of the website.

3. Analysis of our website using Matomo (formerly Piwik):
We use Matomo Open Analytics, a web analysis software by InnoCraft Ltd., 150 Willis St. 6011 Wellington, New Zealand to continuously improve our website. Matomo also uses cookies that are stored on your computer to enable the analysis of website usage. The information generated by cookies about your use of this website is usually sent to a Matomo server of the ThULB. The IP address of your device is anonymized and stored on this server in such a way that no conclusions can be drawn about the user. The collected information is used to evaluate your use of the website and to compile reports on website activity.

4. Communication
In order to ensure communication with our users, we process all information that you have provided to us when contacting us or that we have requested from you (such as your name, address, and other contact details). Furthermore, we store the reason for contact.

For what purposes and on what legal basis is your data processed?

1. The processing of any personal data contained in the log files is carried out to enable you to use our website. This is done on the basis of § 15 para. 1 TMG.
2. The processing of data collected via cookies (including web analysis with Matomo) and pseudonymised user profiles is carried out for the purposes of operating, improving and tailoring our website to meet requirements on the basis of § 15 para. 3 TMG.
3. We may also process the data stored in connection with the use of our website and for the purpose of communication in order to fulfil legal obligations to which we are subject. This is done on the basis of Article 6 paragraph 1 c) DSGVO.
4. If necessary, we also process your data beyond the above-mentioned purposes to protect our legitimate interests or the interests of third parties. This is done on the basis of Article 6 paragraph 1 f) DSGVO. In particular, our legitimate interests include:
   1. a) the assertion of legal claims and the defence in legal disputes;
   2. b) ensuring consumer-friendly communication in the cases of III.9;
   3. c) the prevention and investigation of criminal offences;
   4. d) the management and development of our business, including risk management.

Is there an obligation to provide data?
To ensure user-friendly communication, at least your name and email address are required. If we collect personal data from you beyond that, we will inform you during the data collection process if providing such data is legally or contractually required. We typically identify the information that can be voluntarily provided and is not based on any of the above-mentioned obligations.

Who receives your data?
Your personal data is processed within our systems as a general rule. Depending on the type of personal data, only certain departments/organizational units have access to your personal data. These include the departments specialized in providing our digital services (e.g. websites) and our IT department. Access within the Thuringian University and State Library (ThULB) is limited to the functions and extent required for the respective purpose of processing by means of a role and permission concept.

We may also disclose your personal data to third parties outside of ThULB within the legally permissible scope. These external recipients may include:

1. affiliated institutions, to whom we provide personal data for internal administrative purposes;
2. service providers we engage, who provide services to us on separate contractual basis, which may include the processing of personal data, and the subcontractors of our service providers with our consent;
3. private and public institutions, as far as we are obliged to disclose your personal data due to legal obligations.

Is automated decision making used?
In connection with the operation of our website, we generally do not use any automated decision making (including profiling) in the sense of Art. 22 DSGVO. Should we make use of such procedures in individual cases, we will inform you of this separately to the extent required by law.

Is data transferred to countries outside the EU/EEA?
The processing of your personal data generally takes place within the EU or the European Economic Area.

How long is your data stored?
We will store your personal data for as long as we have a legitimate interest in doing so and your interest in not storing the data does not outweigh this interest.

Even without a legitimate interest, we may continue to store the data if we are required to do so by law (e.g. to comply with retention obligations). We will also delete your personal data without your consent as soon as their knowledge is no longer necessary to fulfil the purpose of the processing or if their storage is otherwise legally inadmissible.
Usually:
 

1. Log data is deleted within 30 days unless further storage is required for legally prescribed purposes, such as the detection and removal of abuse and technical disruptions;
2. Data processed in connection with user registration is deleted upon completion of the registration or upon deletion of the user account. We store personal data that we are required to keep for storage obligations until the respective obligation expires. If we store personal data solely to fulfill storage obligations, they are usually blocked so they can only be accessed when needed for the purpose of the storage obligation.

What rights do you have?
As the person concerned, you have the right:
 

1. to access the personal data stored about you, Art. 15 DSGVO;
2. to rectify inaccurate or incomplete data, Art. 16 DSGVO;
3. to delete personal data, Art. 17 DSGVO;
4. to restrict the processing, Art. 18 DSGVO; to data portability, Art. 20 DSGVO; and
5. to object to the processing of your personal data, Art. 21 DSGVO.

In order to exercise these rights, you can contact us at any time – e.g. via one of the contact points mentioned at the beginning of this data protection information.

If you have any questions regarding the processing of your data, you can also contact our data protection officer. You are also entitled to lodge a complaint with a competent data protection authority, Art. 77 DSGVO.

Liability for content.
The content on our pages has been created with utmost care. However, we cannot guarantee the accuracy, completeness and timeliness of the content. As a service provider, we are responsible for our own content on these pages according to general laws, as stated in § 7 para. 1 TMG. However, as a service provider we are not obliged to monitor or investigate foreign information transmitted or stored on our website, or to search for circumstances indicating illegal activities, according to §§ 8 to 10 TMG. Obligations to remove or block the use of information in accordance with general laws remain unaffected by this. Liability in this regard is only possible from the time we become aware of a specific legal violation. Upon becoming aware of such legal violations, we will promptly remove such content.

Liability for links
Our service includes links to external third-party websites over the content of which we have no control. Therefore, we cannot guarantee the accuracy of these foreign contents. The respective provider or operator of the linked sites is responsible for the content. The linked sites were checked for potential legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, it is not reasonable to carry out a continuous substantive check of the linked pages without concrete evidence of a legal violation. If legal violations become known, we will promptly remove such links.

Incorporation of third-party providers.

Matterport 
Some of our pages contain 360-degree models of areas in the Gotha facilities. We use the services of Matterport for this service. By actively clicking the image of the model, you consent in accordance with Art.6 para.1 lit.a GDPR to be directed to Matterpor’s website and to the data exchange triggered thereby.

When using this service, Matterport collects personal data which is also transmitted to and processed in the USA as the company is based there. The following data is transmitted: IP address, browser version and rendering device, origin and target URLs and possibly, location data and the ID of the respective 3D tour.

Using the service also allows Matterport to set cookies. We have no control over this data transfer and the setting of cookies by Matterport. However, we would like to inform you that:

The service provider is Matterport, Inc., 352 E. Java Dr., Sunnyvale, CA 94089, with its registered office in the USA.

• Matterport’s Cookie Policy
• Information on data processing (Privacy Policy) by Matterport./a>
• The legal basis for data processing in the USA: According to their own statements, Matterport has committed to the EU’s Standard Contractual Clauses (SCC) to ensure adequate protection for the transfer of data outside the EEA. However, we would like to point out that even these recognized Standard Contractual Clauses cannot protect against access to the data by US authorities that is permissible under US law.
   

OpenStreetMap
Maps from OpenStreetMap have been integrated into some pages.
OpenStreetMap privacy information