Data protection

§ 1  Information on how we collect personal data

(1)    This Policy outlines how we collect personal data when you use our website. Personal data refers to all data that can be related to you personally, for example your name, postal address, email addresses and user behaviour.

(2)    The controller under Art. 4 (7) EU General Data Protection Regulation (GDPR) is:

ekz.bibliotheksservice GmbH
Bismarckstr. 3
72764 Reutlingen, Germany
Email: info(at)ekz.de
(Please see our Imprint)

You can contact our Data Protection Officer at:
Datenschutz(at)ekz.de

or by writing to our Data Protection Officer at our postal address.

(3)   When you contact us by email or using one of our contact forms, the data you share (your email address, plus your name and telephone number where applicable) is stored by us in order to respond to your questions. We delete the data generated in connection with this when its storage is no longer required, or we restrict the processing of this data if there is a statutory duty to retain it. By sending your enquiry, you give your consent to the data processing in accordance with Art. 6(1)a) GDPR.

(4)    If we make use of contracted service providers in order to provide individual functions of our service, or if we would like to use your data for marketing purposes, we have set out in detail below how your data is handled and the criteria we apply when determining how long to store your data.

 

§ 2  Your rights

(1)    In your relationship with us, you have the following rights with regard to personal data relating to you:

-    Right to access

-    Right to rectification or erasure

-    Right to restrict the processing

-    Right to object to the processing

-    Right to data portability

(2)    You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

 

§ 3  Collection of personal data when you visit our website

(1)   If you only use our website to obtain information, that is to say, you do not register or send us information by any other means, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data that is technically required in order for us to display our website to you and to ensure its stability and security (legal basis: Art. 6(1)f) GDPR): 

-    IP address

-    Date and time of the request

-    Time zone difference to Greenwich Mean Time (GMT)

-    Content of the request (specific page)

-    Access status/HTTP status code

-    Volume of data transmitted in each case

-    Website from which the request originated

-    Browser

-    Operating system and its interface

-    Language and version of your browser software

(2)    In addition to the data set out above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to your browser and stored on your hard drive, and by means of which specific information is transmitted to the body setting the cookie (in this case, us). Cookies cannot run programs or infect your computer with a virus. They are used to enhance the overall user-friendliness and efficiency of an online presence.

 

(3)    Use of cookies:

a)     This website uses the following types of cookies. Their scope and function are set out below:

–   Transient cookies (see b)

–    Persistent cookies (see c)

b)      Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a session ID, which is used to assign various requests from your browser to the same session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

c)       Persistent cookies are deleted automatically after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time using the security settings in your browser.

d)      You can configure your browser settingsaccording to your preferences and, for example, reject cookies. Please note that, in this case, you may not be able to use all functions of this website.

e)      If you have an account with us, we use cookies so that we can recognise you when you visit our website again. Otherwise you would have to log in each time you visit our website.

f)       The Flash cookies used are not captured by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your device. These objects store the required data independently of the browser you use and do not have an automatic expiration date. If you do not wantFlash cookies to be processed, you must install a suitable add-on, for example Clear Flash Cookies for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by switching your browser to private browsing. We also recommend regularly deleting your cookies and browser history manually.

 

§ 4   Other functions and services available on our website

(1)    Besides the purely informational use of our website, we also offer various services, which you can use if you are interested. You will generally be asked to provide further personal data in this case, which we will use to provide the respective service. The data processing principles set out above apply to the personal data provided.

(2)    In some cases, we make use of external service providers to process your data. These service providers are carefully selected and contracted by us, and they are bound by our instructions and regularly monitored by us.

(3)    We may also share your personal data with third parties if we offer the opportunity to conclude contracts with partners or where similar services are delivered jointly with partners. You can obtain further information on this by providing your personal data or by referring to the description of the service below.

(4)    Where our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we have set out the consequences of this in the description of the service.

 

§ 5   Objecting to the processing of your data or withdrawing your consent

(1)    If you have given your consentto the processing of your data, you can withdrawthis consent at any time. Withdrawing your consent affects the lawfulness of the processing of your personal data after you have notified us of the withdrawal.

(2)    Where we have based the processing of your personal data on the balance of interests, you can objectto the processing. This applies in particular where the processing is not necessary to fulfil a contract with you. We explain this in the following description of the specific functions. If you choose to exercise your right to object, please state the reasons why we should not process your personal data as we have been doing. If you have a legitimate objection, we will examine the situation and will either stop processing your data, or adapt the manner in which we do so, or state our compelling legitimate reasons for continuing to process your data.

(3)    You can, of course, object to the processing of your personal data for marketing and data analysis purposes at any time. You can communicate your objectionto us using the following contact details: 

Email: Datenschutz@ekz.de, ekz.bibliotheksservice GmbH, Bismarckstr. 3, 72764 Reutlingen, Germany

 

§ 6   Use of our online stores

(1)   If you would like to place an order in one of our online stores, in order to conclude the contract, it is necessary for you to provide the personal data that we need to process your order when you register. The mandatory information required to process the contracts is indicated separately. Further information is provided voluntarily. We process the data that you provide in order to process your order. The legal basis for this is Art. 6(1)b) GDPR.

When you create an account as described above, the data that you enter is stored under My Account. The storage of this data is revocable. 

We may also process the data provided by you in order to inform you about other interesting products in our range or to send you emails with technical information.

(2)   Under commercial and fiscal legislation, we are obliged to store your address, payment and order data for a period of ten years.

However, we restrict the processing after two years, which means that your data is only used in compliance with our statutory obligations.

(3)   To prevent unauthorised third parties from accessing your personal data, in particular financial data, the order process is encrypted using TLS technology.

 

§ 7   Newsletter

(1)    By granting your consent, you can subscribe to our newsletter and receive information on our latest interesting offers. The goods and services that we advertise are specified in the declaration of consent.

(2)    We use the so-called double opt-in process for newsletter subscriptions. This means that, after you subscribe, we will send an e-mail to the address that you have provided in which we ask you to confirm that you want to receive the newsletter. If you do not confirm your subscription within seven days, your information will be automatically deleted. We also store the IP addresses that you used as well as the time of subscription and confirmation. The purpose of this procedure is to enable us to document your subscription and to investigate any potential misuse of your personal data.

(3)    The only information we require in order to send you the newsletter is your e-mail address, first name and surname. Additional data is indicated separately and provided on a voluntary basis. After we receive your confirmation, we will store your e-mail address in order to send you the newsletter. The legal basis for this is Art. 6(1)a) GDPR.

(4)    You can withdraw your consentto the sending of the newsletter at any time and unsubscribe from the newsletter. You can do so by clicking the link provided for this purpose in each newsletter e-mail, by using the form newsletter.ekz.de on our website, by sending an email to news@ekz.de or by sending a message to us using the contact details provided on our Imprint page.

(5)    Please note that we analyse your user behaviour when we send the newsletter. For the purposes of the analysis, the emails sent contain “tracking pixels”, which are 1x1 pixel graphic files that are stored on our website. For this analysis, we link the data specified in § 3 and the web beacons with your email address and a unique ID. The data is only collected in pseudonymised form. This means that the IDs are not linked to other personal data relating to you, and any possibility of identifying you as an individual is excluded.

The information will be stored until you unsubscribe from the newsletter. After you unsubscribe from the newsletter, we store the data anonymously and solely for statistical purposes. This type of tracking is not possible if you have disabled the display of images by default in your email software. In this case, the complete newsletter will not be displayed to you, and you may not be able to use all its functions. If you manually enable the display of images, tracking as described above will take place.

 

§ 8   Use of Google Analytics

(1)   This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be truncated by Google prior to this within the Member States of the European Union or other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and Internet usage.

(2)   Google will not associate your IP address transmitted by your browser in connection with Google Analytics with any other data.

(3)   You can preventthe storage of cookiesby configuring your browser settings accordingly. However, please note that, in this case, you may not be able to use all of the functions of this website to their full extent. You can also prevent the collection and processing of data generated by the cookie and related to your use of the website (including your IP address) by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

(4)   This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are truncated before further processing so that they cannot be related to a specific individual. Any possibility of relating the data collected on you to you personally is immediately excluded, and the personal data is deleted immediately.

(5)   We use Google Analytics to analyse the use of our website and in order to make regular improvements. We use the statistics generated to improve our presence and to make it more interesting for you as the user. In the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)f) GDPR.

(6)   Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. Terms of service: https://www.google.com/analytics/terms/gb.html, overview on data protection: www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: https://policies.google.com/privacy.

(7)   This website also uses Google Analytics for the cross-device analysis of website traffic, which is performed by means of a user ID. You can disable the cross-device analysis of your user behaviour in your Google account by going to Personal info > Your personal info.

 

§ 9  Use of social media plug-ins

(1)   We currently use the following social media plug-ins: FacebookTwitterXingFlickrand Instagram. We use the so-called two-click solution for these plug-ins. This means that, when you visit our website, no personal data is transmitted to the providers of the plug-ins in the first instance. The plug-in provider can be identified by the branding on the box around its initial letter or its logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider is only notified that you have accessed the respective page of our website if you click on the marked field and thereby activate it. In addition, the data specified in § 3 of this Policy will be transmitted. In the case of Facebook and Xing, IP addresses are anonymised immediately after collection, according to the respective providers in Germany. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (in the USA in the case of US providers). As the plug-in provider collects data, in particular through the use of cookies, we recommend that you delete all cookies in the security settings of your browser before clicking the greyed-out box.

(2)   We have no influence on the data collected or the manner in which it is processed, nor are we aware of the full scope of the data collection, the purposes of the processing or the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.

(3)   The plug-in provider stores the collected data relating to you in the form of user profiles and utilises them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even if users are not logged in) in order to display appropriate advertising and to inform other users of the social media network about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with social media networks and other users so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6(1)f) GDPR.

(4)   The data is transmitted regardless of whether or not you have an account with the plug-in provider and are logged into it. If you are logged into the plug-in provider, the data relating to you collected by us will be directly associated with your account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you routinely log out after using any social media network, and in particular before activating the button, as this prevents the plug-in provider from linking this data to your profile.

(5)   Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the providers’ privacy policies, which are listed below. These policies also contain further information on your rights in this context and the settings to protect your privacy.

(6)   Addresses of the respective plug-in providers and URLs where you can find their privacy policies:

a) FacebookInc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The controller from 25/05/2018: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; https:// www.facebook.com/help/contact/540977946302970

b)  InstagramLLC, 1601 Willow Rd, Menlo Park, CA 96025, a subsidiary of Facebook, see a)

c)  Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

d)  XingAG, Gänsemarkt 43, 20354 Hamburg, Germany; www.xing.com/privacy.

e)  Flickr, a subsidiary of SmugMug Inc., Suite 200, 67 E Evelyn Avenue, Mountain View, CA 94041, USA; https:// www.smugmug.com/about/privacy-flickr; email: help@smugmug.de

We do not know whether Flickr has submitted to the EU-US Privacy Shield.

 

§ 10   Embedding of YouTube videos

(1)   We have embedded YouTube videos on our website. These videos are stored at www.youtube.com and can be played directly from our website. They are all embedded in privacy-enhanced mode. This means that no data relating to you as the user is transmitted to YouTube if you do not play the videos. The data specified in Paragraph 2 is only transmitted if you play the videos. We have no influence on the transmission of this data.

(2)   When you visit this website, YouTube receives the information that you have accessed the respective sub-page of our website. In addition, the data specified in § 3 of this Policy will be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged into or if such a user account is non-existent. If you are logged into Google, your data will be directly associated with your account. If you do not want to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data in the form of user profiles and utilises them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is conducted in particular (even if users are not logged in) in order to display appropriate advertising and to inform other users of the social media network about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact YouTube in order to exercise this right.

(3)   Further information on the purpose and scope of the data collection and processing by YouTube can be found in its privacy policy. This Policy also contains further information on your rights in this context and the settings to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

§ 11   Embedding of Google Maps

(1)   We use the Google Maps service on this website. This enables us to display interactive maps directly on our website and allows you to use the map function for your convenience.

(2)   When you visit this website, Google receives the information that you have accessed the respective sub-page of our website. In addition, the data specified in § 3 of this Policy will be transmitted. This occurs regardless of whether Google provides a user account that you are logged into or if such a user account is non-existent. If you are logged into Google, your data will be directly associated with your account. If you do not want to be associated with your Google profile, you must log out before activating the button. Google stores your data in the form of user profiles and utilises them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is conducted in particular (even if users are not logged in) in order to display appropriate advertising and to inform other users of the social media network about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact Google in order to exercise this right.

(3)   Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the provider’s privacy policy. This policy also contains further information on your rights in this context and the configuration options to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.