Extent of data processing
We only process personal data collected from our users insofar as this is necessary for the provision of a functional web presence and our content and services. As a rule, personal data provided by our users is only processed with their consent. One exception is where statutory regulations permit the processing of data.
Legal basis for data processing
Art. 6 (1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis whenever we obtain the consent of the person concerned ("data subject") for the processing of their personal data.
Art. 6 (1)(b) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data which is necessary for performing a contract to which the data subject is a party. The same applies to processing that is required for carrying out pre-contractual measures.
Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR) serves as the legal basis when processing is necessary to safeguard a legitimate interest of AWI or a third party, and provided this legitimate interest is not outweighed by the data subject’s interests and fundamental rights and freedoms.
Data erasure and storage duration
The personal data of the data subject is erased, anonymised or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if required by European or national law in EU regulations, laws or other regulations to which AWI is subject. Blocking, anonymisation or deletion of the data also takes place if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfil the contract.
Controller’s contact details
Data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection legislation as well as any other data protection regulations:
Helmholtz-Zentrum für Polar-und Meeresforschung
Am Handelshafen 12
Contact details of the data protection officer:
The controller's data protection officer is:
Tel.: +49 (471) 4831-1637
Provision of the website and creation of log files
We store data relating to individual visits to our website for statistical purposes to improve the quality of our web pages. This data record consists of:
- the page from which the data file was requested,
- the name of the data file,
- the date and time of the query,
- the quantity of data transmitted,
- the status of access (the file was transmitted or the file was not found),
- a description of the type of web browser used,
- the IP address of the inquiring computer.
The data is stored in the log files of our systems. Storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data and the log files is Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR). Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimise the web pages, to carry out troubleshooting and to ensure the security of our IT systems. These purposes also constitute our legitimate interest in the data processing pursuant to Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR).
The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, the data is deleted when the respective session has ended. If the data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, in which case the IP addresses are deleted or altered so that identification of the calling client is no longer possible.
The collection of data for the purpose of providing the website and storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no right to objection on the part of the user.
- IP address, anonymised through abbreviation
- Two cookies for distinguishing between different visitors (_pk_id.44.a4d7 and _pk_ses.44.a4d7)
- Previously visited URL (referrer), if sent from the browser
- Name and version of the operating system
- Name, version and language setting of the browser
- Visited URLs on this website
- Times of page visits
- Type of HTML enquiries
- Screen resolution and colour depth
- Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)
The storage and evaluation of data is carried out solely on a central server operated by AWI. In addition to the central website www.awi.de, it is also used by most project websites assigned to AWI.
The legal basis for the processing of users’ personal data is Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR). Processing the personal data of users enables us to analyse how our users utilise the website. By evaluating the acquired data, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in the data processing pursuant to Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR). By anonymising the IP address, sufficient consideration is given to the interests of users in protecting their personal data.
The data is erased after formation of the final annual totals for the access statistics.
Of course, you have the option of objecting to the data collection. You have the following independent ways of objecting to data being acquired through the central server:
Activate the “do not track” setting in your browser. As long as this setting is active, our central server will not be able to store any of your data. Important: The “do not track” instruction usually only applies to the device and the browser in which you activate the setting. If you use several devices/browsers, you have to activate “do not track” separately everywhere.
Storage of this data together with other personal data of the user does not take place.
We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page.
- Transferring the browser's language setting: automatic selection of the homepage and spellcheck
- Remembering entered form data: search terms used in the website
User data gathered by technically necessary cookies is not utilised to prepare user profiles. These purposes also constitute our legitimate interest in processing personal data, pursuant to Art. 6 (1)(f) of the EU General Data Protection Regulation (GDPR).
Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilisation of cookies. You can deactivate or restrict the transmission of cookies by changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, you may find that not all of the website's functions can continue to be utilised in full.
Rights of the data subject
As the data subject whose personal data is collected within the scope of the above-mentioned services, you have the following rights, unless any legal exceptions apply in individual cases:
- Information (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 (1) GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent (Art. 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For AWI, this is the Landesbeauftragte für den Datenschutz und Informationssicherheit (State Data Protection and Freedom of Information Officer), Arndtstrasse 1, 27570 Bremerhaven.
Two clicks for more data protection
In order to protect our users' privacy and data, we use the tried-and-tested two-click process, also known as the Shariff solution, for sharing content in social networks. The use of this process means that our websites are delivered with inactive buttons that do not transfer any data to social networks. Users can nonetheless manually activate the buttons, thereby creating a connection to their preferred network (first click). The second step involves the user then giving their recommendation (second click). Activating one of the buttons in the first step therefore means that the user consents to transmit data to the social network concerned for this one page and for the requested service.
Data protection regulations on the use of Facebook
We have integrated components of Facebook on some of our web pages. Facebook is a social network.
A social network is a social meeting place on the Internet, an online community that generally enables users to communicate with one another and to interact in a virtual space. Among other things, Facebook enables the users of its social network to create private profiles, upload photos and build a network by means of friend requests.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you live outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time you access one of the individual pages of the website operated by us as the controller and on which a Facebook component is integrated, the browser of your IT system is automatically prompted by the Facebook component to download an image of the Facebook component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. In the course of this technical procedure, Facebook receives information about which specific pages of our website you have visited.
If you are logged into Facebook at the same time, Facebook recognises which specific sub-page of our website you visit every time you access our website, for the entire duration of your visit. This information is collected by the Facebook component and assigned to your Facebook account by Facebook.
Facebook will in each case be notified via the Facebook component that you have visited our website, provided you are simultaneously logged into Facebook when accessing our website; this takes place irrespective of whether you click the Facebook component or not. If you do not agree to such transmission of information to Facebook, you can prevent it by logging out of your Facebook account prior to accessing our website.
Facebook’s data policy, which can be retrieved from https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the settings Facebook offers to protect your privacy. In addition, a number of applications are available that make it possible to prevent the transfer of data to Facebook. You can use such applications to prevent your data being transferred to Facebook.
Data protection regulations on the use of Twitter
We have integrated components of Twitter on some of our web pages. Twitter is a multilingual, publicly accessible micro-blogging service where users can publish and share so-called tweets, i.e. short messages limited to 280 characters. These short messages can be accessed by anyone, i.e. also by individuals not registered with Twitter. Twitter makes it possible to address a broader audience via hashtags, links or retweets.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time you access one of the individual web pages operated by us as the controller and on which a Twitter component is integrated, the browser of your IT system is automatically prompted by the Twitter component to download an image of the Twitter component from Twitter. Please see https://help.twitter.com/de/using-twitter/embed-twitter-feed for more information on the Twitter timeline.
If you are logged into Twitter at the same time, Twitter recognises - with each visit of our website on which the Twitter component is used - which specific sub-page of our website you visit. This information is collected by the Twitter component and assigned to your Twitter account by Twitter.
Twitter will in each case be notified via the Twitter component that you have visited our website, provided you are simultaneously logged into Twitter when accessing our website; this takes place irrespective of whether you click the Twitter component or not. If you do not agree to such transmission of information to Twitter, you can prevent it by logging out of your Twitter account prior to accessing our website.
Use of external map services
Data protection regulations on the use of OpenStreetMap
Some of our web pages use OpenStreetMap for showing a site layout. OpenStreetMap® is open data, licensed under the Open Data Commons Open Database Lizenz (ODbL) by the OpenStreetMap Foundation (OSMF).