In the following data protection information, we (the controller within the meaning of the General Data Protection Regulation) explain what personal data we collect about you when you visit our website www.wissenschaftspark-leipzig.de or use our online services there. Personal data is all data with which you can be personally identified. The website is hosted on an internal server of the company Dogado.

Wissenschaftspark Leipzig-Permoserstraße e.V.
Permoserstraße 15
04318 Leipzig
Germany
Phone: +49 (0)341 6025 1228
Email: info(at)wissenschaftspark-leipzig.de
Website: www.wissenschaftspark-leipzig.de

1. Scope of processing of personal data

We only process the personal data of our users insofar as this is necessary to provide a functional website and to provide our content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data


Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR will serve as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the Wissenschaftspark or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR will serve as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

1. Description and scope of the data processing


Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer in a local log file.

The following data is collected if it is transmitted by the user’s system:

1. Hostname / IP of the user
2. Exact time the page was accessed
3. Accessed URL
4. HTTP Status Code
5. Transmitted bytes of the requested URL
6. If available, the referrer (referring page)
7. Information about the user´s Browser and PC

Before storage, each data record is anonymised by changing the IP address. The data is not stored together with other personal data of the user.


2. Legal basis for the data processing 


The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. 


3. Purpose of the data processing 


Temporary storage of the IP address is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context. 
These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.


4. Duration of storage


The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is collected to provide the website, it is deleted when the respective session has ended. If the data is stored in log files, it is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.


5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.


1. Description and scope of data processing


We use technically necessary and temporary cookies on our website. We do not use persistent cookies or Flash cookies.
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When users access a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The following data is stored and transmitted in the cookies:

• Language settings
• Log-in information
• Earlier visit to prevent new pop-up adverts
• Session information for web services.

Cookies are stored on the user’s computer and transmitted from there to our website. Users therefore also have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing the settings in their Internet browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of our website to their full extent.

2. Legal basis for data processing 


The legal basis for the data processing is Article 6(1)(f) GDPR and § 25 para. 2 no. 2 Telecommunications-Telemedia Data Protection Act (TTDSG).

3. Purpose of data processing


The purpose of using technically necessary cookies is to enable basic functions of this website and to simplify the use of our website for users. 
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR. 
The user data collected by technically necessary cookies are not used to create user profiles.


4. Duration of storage


The cookies are deleted after the browser is closed.


1. Description and scope of data processing


We use the open source software tool Matomo on our website to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer. 
If individual subsites of our website are accessed, the following data is stored:

• two bytes of the IP address of the user’s calling system,
• the website accessed and the time of access,
• the website from which the user accessed the website (referrer),
• the subsites that are accessed from the website accessed,
• the time spent on the website,
• the frequency of visits to the website
• which browser with which plugins, which operating system and which screen resolution is used.

he software runs exclusively on the servers of our website. The data is only stored there. The data is not passed on to third parties. 
The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the truncated IP address to the accessing computer, so that you as the user remain anonymous. This data is not stored together with other personal data of the user. 


2. Legal basis for the data 


The legal basis for the processing of users’ personal data is Article 6(1)(a) GDPR.

3. Purpose of data processing


The processing of users’ personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. 


4. Duration of storage


The data is deleted as soon as it is no longer required for our recording purposes. The deletion takes place after 6 months.

5. Possibility of objection and removal


Users have the following options:

a) Activate the “Do-Not-Track” setting in the browser

As long as this setting is active, no user data is saved. Important: The do-not-track instruction generally only applies to the one device and browser in which the setting has been activated. If several devices/browsers are used, the “Do-Not-Track” setting must be activated separately everywhere.

b) Use of the opt-out function 

Data collection is stopped or reactivated by clicking the tick in the following checkbox. As long as the checkbox is deactivated, no user data will be saved. Important: To opt out, we must store an opt-out-cookie in the user’s browser. If this is deleted or a different device/browser is used, the opt-out-cookie must be activated again.
Further information on the privacy settings of the Matomo software can be found at: https://matomo.org/docs/privacy/.

The data subjects whose personal data are processed in the context of the above-mentioned services have the following rights, unless statutory exceptions apply in individual cases:

1. Right to information, Article 15 GDPR

The right to information gives the data subjects comprehensive access to the data concerning them and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in § 34 BDSG apply.


2. Right to rectification, Article 16 GDPR

The right to rectification includes the possibility for the data subjects to have incorrect personal data concerning them corrected.


3. Right to erasure, Article 17 GDPR

The right to erasure includes the possibility for the data subjects to have personal data erased by the controller. However, this is only possible if this data is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in § 35 BDSG apply.


4. Right to restriction of processing, Article 18 GDPR


The right to restriction of processing includes the possibility for the data subjects to temporarily prevent further processing of their personal data. A restriction occurs in particular when other rights of the data subjects are being examined.


5. Right to notification, Article 19 GDPR


If the data subjects have asserted the right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The data subjects have the right to be informed about these recipients.


6. Right to data portability, Article 20 GDPR


The right to data portability includes the possibility for the data subjects to receive the personal data concerning them from the controller in a commonly used, machine-readable format so that they can be forwarded to another controller if necessary. According to Article 20(3) sentence 2 GDPR, however, this right is not available if the data processing serves the fulfilment of public tasks.


7. Right to object, Article 21 GDPR


The data subjects have the right to object to the future processing of personal data concerning them, provided that this data is processed in accordance with Art. 6(1)(e) or (f) GDPR.

8. Right to withdraw the declaration of consent under data protection law, Article 7(3) GDPR


The data subjects have the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


9. Right to lodge a complaint with a supervisory authority, Article 77 GDPR


Without prejudice to any other administrative or judicial remedy, the data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating them infringes the GDPR. The supervisory authority responsible for the Wissenschaftspark is:

The Saxonian Data Safety and Transparency Officer
Postbox 11 01 32, 01330 Dresden
Telephone: +49 351 85471-101
E-Mail: post@sdtb.sachsen.de