We appreciate your visit to this website. Data protection and security are of great importance to us for our customers and users. We comply with data protection regulations, in particular the EU General Data Protection Regulation („GDPR“), the Federal Data Protection Act („BDSG“) and the Telemedia Act („TMG“) - available only in German.
Who is responsible for data processing?
The responsible parties for data protection are:
The Thuringian University and State Library in Jena is the executing organization for processing personal data and service provider according to the TMG.
Tel. +49 3641 9-404 000
The Data Protection Officer can be contacted at: datenschutz(at)uni-jena.de
University of Erfurt, represented by the President, Prof. Dr. Walter Bauer-Wabnegg
Nordhäuser Str. 63
The data protection officer can be contacted at: datenschutz(at)uni-erfurt.de
Foundation Friedenstein Gotha
Civil Law Foundation
Our data protection officer can be contacted at: datenschutz(at)stiftung-friedenstein.de
Wherever this data protection information refers to "we" or "us", this refers to the above-mentioned institutions.
What principles are observed?
In compliance with the data protection regulations, we only process your personal data if a legal provision allows us to do so or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website, we may also collect information which in and of itself does not allow us to draw any direct conclusions about your person. In certain cases – particularly in combination with other data – this information can nevertheless be regarded as ”personal data” within the meaning of data protection law. We may also collect information on this site that does not allow us to identify you directly or indirectly, such as aggregate information about all users of this Site.
What data are processed?
You can access our website without directly providing any personal data (such as your name, address or e-mail address). Even in this case, we must collect and store certain information to enable you to access our website.
1. Log files:
When you visit this website, our web server automatically records the domain name or the IP address of the requesting computer (usually your Internet service provider), including the date, time and duration of your visit, the subpages/URLs that you visit, as well as information about the applications and devices that you use to view our website.
3. Analysis of our website using Matomo (formerly Piwik):
In order to ensure communication with our users, we process all information that you have provided to us when contacting us or that we have requested from you (such as your name, address, and other contact details). Furthermore, we store the reason for contact.
For what purposes and on what legal basis is your data processed?
- The processing of any personal data contained in the log files is carried out to enable you to use our website. This is done on the basis of § 15 para. 1 TMG.
- The processing of data collected via cookies (including web analysis with Matomo) and pseudonymised user profiles is carried out for the purposes of operating, improving and tailoring our website to meet requirements on the basis of § 15 para. 3 TMG.
- We may also process the data stored in connection with the use of our website and for the purpose of communication in order to fulfil legal obligations to which we are subject. This is done on the basis of Article 6 paragraph 1 c) DSGVO.
- If necessary, we also process your data beyond the above-mentioned purposes to protect our legitimate interests or the interests of third parties. This is done on the basis of Article 6 paragraph 1 f) DSGVO. In particular, our legitimate interests include:
- a) the assertion of legal claims and the defence in legal disputes;
- b) ensuring consumer-friendly communication in the cases of III.9;
- c) the prevention and investigation of criminal offences;
- d) the management and development of our business, including risk management.
Is there an obligation to provide data?
To ensure user-friendly communication, at least your name and email address are required. If we collect personal data from you beyond that, we will inform you during the data collection process if providing such data is legally or contractually required. We typically identify the information that can be voluntarily provided and is not based on any of the above-mentioned obligations.
Who receives your data?
Your personal data is processed within our systems as a general rule. Depending on the type of personal data, only certain departments/organizational units have access to your personal data. These include the departments specialized in providing our digital services (e.g. websites) and our IT department. Access within the Thuringian University and State Library (ThULB) is limited to the functions and extent required for the respective purpose of processing by means of a role and permission concept.
We may also disclose your personal data to third parties outside of ThULB within the legally permissible scope. These external recipients may include:
- affiliated institutions, to whom we provide personal data for internal administrative purposes;
- service providers we engage, who provide services to us on separate contractual basis, which may include the processing of personal data, and the subcontractors of our service providers with our consent;
- private and public institutions, as far as we are obliged to disclose your personal data due to legal obligations.
Is automated decision making used?
In connection with the operation of our website, we generally do not use any automated decision making (including profiling) in the sense of Art. 22 DSGVO. Should we make use of such procedures in individual cases, we will inform you of this separately to the extent required by law.
Is data transferred to countries outside the EU/EEA?
The processing of your personal data generally takes place within the EU or the European Economic Area.
How long is your data stored?
We will store your personal data for as long as we have a legitimate interest in doing so and your interest in not storing the data does not outweigh this interest.
Even without a legitimate interest, we may continue to store the data if we are required to do so by law (e.g. to comply with retention obligations). We will also delete your personal data without your consent as soon as their knowledge is no longer necessary to fulfil the purpose of the processing or if their storage is otherwise legally inadmissible.
- Log data is deleted within 30 days unless further storage is required for legally prescribed purposes, such as the detection and removal of abuse and technical disruptions;
- Data processed in connection with user registration is deleted upon completion of the registration or upon deletion of the user account. We store personal data that we are required to keep for storage obligations until the respective obligation expires. If we store personal data solely to fulfill storage obligations, they are usually blocked so they can only be accessed when needed for the purpose of the storage obligation.
What rights do you have?
As the person concerned, you have the right:
- to access the personal data stored about you, Art. 15 DSGVO;
- to rectify inaccurate or incomplete data, Art. 16 DSGVO;
- to delete personal data, Art. 17 DSGVO;
- to restrict the processing, Art. 18 DSGVO; to data portability, Art. 20 DSGVO; and
- to object to the processing of your personal data, Art. 21 DSGVO.
In order to exercise these rights, you can contact us at any time – e.g. via one of the contact points mentioned at the beginning of this data protection information.
If you have any questions regarding the processing of your data, you can also contact our data protection officer. You are also entitled to lodge a complaint with a competent data protection authority, Art. 77 DSGVO.
Liability for content.
The content on our pages has been created with utmost care. However, we cannot guarantee the accuracy, completeness and timeliness of the content. As a service provider, we are responsible for our own content on these pages according to general laws, as stated in § 7 para. 1 TMG. However, as a service provider we are not obliged to monitor or investigate foreign information transmitted or stored on our website, or to search for circumstances indicating illegal activities, according to §§ 8 to 10 TMG. Obligations to remove or block the use of information in accordance with general laws remain unaffected by this. Liability in this regard is only possible from the time we become aware of a specific legal violation. Upon becoming aware of such legal violations, we will promptly remove such content.
Liability for links
Our service includes links to external third-party websites over the content of which we have no control. Therefore, we cannot guarantee the accuracy of these foreign contents. The respective provider or operator of the linked sites is responsible for the content. The linked sites were checked for potential legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, it is not reasonable to carry out a continuous substantive check of the linked pages without concrete evidence of a legal violation. If legal violations become known, we will promptly remove such links.
Incorporation of third-party providers.
Some of our pages contain 360-degree models of areas in the Gotha facilities. We use the services of Matterport for this service. By actively clicking the image of the model, you consent in accordance with Art.6 para.1 lit.a GDPR to be directed to Matterpor’s website and to the data exchange triggered thereby.
When using this service, Matterport collects personal data which is also transmitted to and processed in the USA as the company is based there. The following data is transmitted: IP address, browser version and rendering device, origin and target URLs and possibly, location data and the ID of the respective 3D tour.
Using the service also allows Matterport to set cookies. We have no control over this data transfer and the setting of cookies by Matterport. However, we would like to inform you that:
The service provider is Matterport, Inc., 352 E. Java Dr., Sunnyvale, CA 94089, with its registered office in the USA.
- The legal basis for data processing in the USA: According to their own statements, Matterport has committed to the EU’s Standard Contractual Clauses (SCC) to ensure adequate protection for the transfer of data outside the EEA. However, we would like to point out that even these recognized Standard Contractual Clauses cannot protect against access to the data by US authorities that is permissible under US law.
Maps from OpenStreetMap have been integrated into some pages.
OpenStreetMap privacy information