This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (DSGVO).
- Name/Fa.: Zoologisches Forschungsmuseum Alexander Koenig
- Street no.: Adenauerallee 160
Postcode, city, country: 53113 Bonn, Deutschland
- Telephone number: +49 228 9122-0
- E-mail address: datenschutz"AT"leibniz-zfmk.de
Data Protection Officer:
- Name: Thorsten Klug
Street no.: Adenauerallee 160
- Postcode, city, country: 53113 Bonn, Deutschland
Telephone number: +49 228 9122-402
- E-mail address: datenschutz"AT"leibniz-zfmk.de
Types of data processed:
- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9(1) DSGVO):
- No special categories of data are processed.
Categories of data subjects concerned by the processing:
- Customers / interested parties / suppliers.
- In the following, we also refer to the persons concerned collectively as “users”.
Purpose of the processing:
- Provision of contractual services, service and customer care.
- Responding to contact requests and communicating with users.
As at: 01.07.2021
Relevant legal bases
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subjects
You have the right to request confirmation as to whether data in question are being processed and to information about these data as well as further information and a copy of the data in accordance with Art. 15 of the DSGVO.
You have the right according to. Article 16 of the DSGVO, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.
In accordance with Art. 17 of the DSGVO, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the DSGVO, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the DSGVO and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the DSGVO.
Right of withdrawal
You have the right to revoke consent granted in accordance with Art. 7 (3) DSGVO with effect for the future.
Right of objection
You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for direct marketing purposes.
Cookies and right to object to direct advertising
We use temporary and permanent cookies, i.e. small files that are stored on users’ devices. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
In part, the cookies serve security purposes or are necessary for the operation of our online offer (e.g., for the display of the website) or to save the user decision when confirming the cookie banner.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the person concerned has the right to complain to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Cookies & Reach Measurement
Cookies are pieces of information that are transferred from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. in order to be able to store your login status or the shopping basket function and thus enable the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Integration of third-party services and content / implemented technologies
Within our online offer, we use content or service offers of third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.
The following presentation provides an overview of third-party providers and implemented technologies as well as their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):
On this website we use the tool “FriendlyCaptcha”, which is provided by FriendlyCaptcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. To protect the website from spam and misuse, this tool is used for all contact forms. The function of the tool is to distinguish whether the data entered into the contact form was entered by a natural person or whether it was misused by a machine and automated processing. By using FriendlyCaptcha, we can block automated software.
FriendlyCaptcha is a proof-of-work-based CAPTCHA where the user’s device does all the work. No personal data is transmitted or processed by FriendlyCaptcha in the process.
This website uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission.
We have configured the integration of Google Maps in such a way that data transmission to Google does not take place automatically, but only when you activate the map with a mouse click.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Google Custom Search
Within our website, the “Google custom search” (Google Custom Search Engine “Google CSE”) is used as a central search service. The integrated search service enables a full-text search for contents of the website’s Internet offering. Access to this search function is possible via a search box integrated in the header of the individual web pages.
The search box on these web pages (“search box”) is provided by Google LLC (“Google”) and is installed by us as a software module on our web pages without modification. By entering a search term in the search box and pressing the enter key, the user activates the search function and the search results page is called up, which loads the corresponding search results from Google by means of a plug-in provided by Google. The plugin enables automated communication between the search results page called up and the Google service when the search results page is called up. The use of the search function provided by Google involves a dynamic transfer of data by the Google service provider to the search results page. Data is only transferred to Google after the user has activated the search box, started a full text search and called up the search results page. By using the search function within the search results page, the user’s data is also transferred to Google. When you use the full-text search function and call up the search results page, the search terms you enter and the IP address of the computer you are using are transmitted to Google. If you are logged into Google at the same time, the Google service is able to assign the information directly to your user profile. You should log out to avoid the collection of profile information about you.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from ensuring a comfortable use of our website.
We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Fonts enables us to use external fonts, so-called Google Fonts. For this purpose, the required Google Font is loaded into the browser cache by your web browser when you call up our website. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these fonts is done by a server call, usually at a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of your terminal device is also stored by Google. We have no influence on the scope and further use of the data collected and processed by Google through the use of Google Fonts.
We use Google Fonts for optimisation purposes, in particular to improve the use of our website for you and to make its design more user-friendly. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO.
Further information on Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.
We use the web analysis service software Matomo (see www.matomo.org) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO), we process the following data:
Pseudo-anonymised location (based on the anonymised IP address), browser type and version, the operating system you use, your country of origin, date and time of the server request, the number of visits, the time you spend on the website and the external links you click. The user’s IP address is anonymised before it is stored.
Users can object to the anonymised data collection by the Matomo programme at any time with future effect by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this also results in the opt-out cookie being deleted and must therefore be reactivated by the users. https://matomo.org/privacy-policy/.
Newsletter service provider SendinBlue
This website currently uses SendinBlue to send newsletters. The provider is Sendinblue SAS, 47, rue de la Chaussée d’Antin, 75009 Paris, France. SendinBlue is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving newsletters is stored on SendinBlue’s servers. The hosting servers on which SendinBlue processes and stores the databases are located exclusively in the European Union. SendinBlue undertakes not to carry out any data transfers outside the European Union. If you do not want SendinBlue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link or an e-mail contact in every newsletter message.
With the help of SendinBlue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter. SendinBlue also allows us to subdivide (“cluster”) the newsletter recipients according to different categories. In this way, the newsletters can be better adapted to the respective target groups. For detailed information on the functions of SendinBlue, please see the following link: https://de.sendinblue.com/about/
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this. For more details, please refer to the data protection provisions of SendinBlue at:
Consent management through Usercentrics
We use the Usercentrics Consent Management Platform as a consent management tool as part of the analytics activities on our website.
We process the following data in the process:
- Consent data (anonymised logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
- Device data or data of the devices used (including shortened IP addresses (IP v4, IP v6), device information, timestamp).
- User data or user data (e.g. email, ID, browser information, SettingIDs, changelog)
The ConsentID (contains the above-mentioned data), the Consent status incl. timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing only takes place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to the responsible person (FIELD M) in a compact data format in an easily readable text form for the purpose of data exchange (JSON file).
No user information is stored for the statistics on the use of consent given or not given. Only the frequency and locations of clicks are stored.
The personal data is stored on a Google Cloud server located in the EU (Brussels, Frankfurt am Main).
The purpose of the data processing is to analyse and manage the consent given, in order to comply with our obligation of a DSGVO-compliant consent management. The use of Usercentrics serves the purpose of proving granted and non-granted consents as well as their management.
The specific processing purposes of the designated personal data are:
- Obtaining and providing consent
- Providing evidence of which device you used to provide consent and at what time
- Legitimisation of access to the settings and documentation of changes
The legal basis for the management of your consents for the processing of your personal data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the legally secure documentation and verifiability of consents, the control of marketing measures on the basis of the consent granted and the optimisation of consent rates.
The data is deleted as soon as it is no longer required. The associated cookie has a term of 60 days. The revocation document of a previously granted consent is stored for a period of three years. This retention is based on the one hand on our accountability pursuant to Article 5 (2) of the GDPR. This obliges us to comply with the processing of personal data in accordance with the General Data Protection Regulation. On the other hand, retention is based on the regular limitation period of three years pursuant to Section 195 of the German Civil Code (BGB). This limitation period begins at the end of the year in which the claim arose (§ 199 BGB). Consequently, the three-year limitation period begins at the end of 31 December and ends three years later at midnight on 31 December.
The function can be switched on and off in our “Privacy settings” by checking the checkbox.
Data collection from the hosting provider RAIDBOXES
The hosting services on which this page is based are provided by RAIDBOXES GmbH (Friedrich-Ebert-Straße 7, 48153 Münster, Germany). RAIDBOXES GmbH offers Software as a Service (SaaS) services in the context of cloud hosting.
RAIDBOXES GmbH automatically collects and stores server log files with information that your browser transmits to us. This information includes:
- Browser type
- Operating system
- Referrer URL (previously visited page)
- Host name (IP address)
RAIDBOXES GmbH cannot assign this data to specific persons. This data is not merged with other data sources. The data is deleted after a statistical evaluation after 7 days at the latest. Further information can be found in the data protection regulations of RAIDBOXES GmbH. https://raidboxes.io/datenschutzerklaerung/.
We have also concluded a contract for commissioned data processing (AV). This contract regulates the scope, type and purpose of RAIDBOXES GmbH’s access to data. The access options are limited only to necessary accesses that are required for the fulfilment of the hosting services.
Deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information, if applicable) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract.
The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation).
When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) DSGVO.
We delete the enquiries if they are no longer required. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
Collection of access data and log files
We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Online presence in social media
We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. DSGVO, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
We receive statistical data of different categories from the operators, such as: total number of page views, “Like” votes, page activities, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin in terms of country and city, language, clicks on route planners and clicks on telephone numbers.
We use the data to make our posts on the operator pages more attractive or to find the right time for publication.
You can find information about the data, for example, at
Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data. We would also like to point out that, according to the “Page Controller Addendum”, there is joint responsibility under Article 26 DSGVO between Facebook and us (https://www.facebook.com/legal/terms/page_controller_addendum).
We use social plugins (“plugins”) of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) and of the microblogging service twitter.com, which is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”).
The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by the Twitter logo (blue bird) or one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the social plugins can be viewed here
To provide the social media plugins, such as the “Recommend” button from Facebook, we use the “Two clicks for more data protection” plugin from Heise-Verlag (https://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html). This means that your data is not sent to the operator of the respective network platform without your consent.
The button is not active by default. The user must first signal by clicking that they now want to communicate with Facebook, for example. Only then are the scripts necessary for this loaded by the operator of the network platform and thus also data transmitted to it. Those who place more value on comfort can also activate the buttons permanently via the gear icon – of course with the associated consequences: Facebook, for example, thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account.
Both Facebook and Twitter are certified under the Privacy Shield agreement and thus offer a guarantee of compliance with European data protection law.
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with the servers of the operators. The content of the plugin is transmitted by the operator directly to the user’s device and integrated into the online offer by the operator. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that the operators collect with the help of this plugin and therefore inform the users according to our state of knowledge.
By integrating the plugins, the operator receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to the operator, Facebook or Twitter can assign the visit to his or her Facebook or Twitter account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to the operator and stored there. If a user is not a member of Facebook or Twitter, there is still the possibility that the operators will find out and store his or her IP address. According to the operators, only an anonymised IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by the operator as well as the relevant rights and setting options for protecting the privacy of the users can be found in the data protection information.
z. E.g. Facebook: https://www.facebook.com/about/privacy/.
If a user is, for example, a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
(This site was translated using the free DeepL Translator: https://www.deepl.com/translator)