The SSOAR services are distributed over two websites. This page provides the ssoar.info-specific privacy policy. The privacy policy for https://www.gesis.org/ssoar is available at https://www.gesis.org/en/institute/imprint/.
We take data privacy seriously and hereby inform you how we process your data, and which claims and rights you are entitled to consistent with privacy law.
This privacy policy can change over time. All changes will be published on this page. We provide you with older versions of this privacy policy on your request. This version's date is 29th May 2018.

Responsible authorities

Data controller
GESIS - Leibniz-Institut für Sozialwissenschaften
Postfach 122155
68072 Mannheim
Germany
Tel.: +49 (0)621 - 1246-0
Fax: +49 (0)621 - 1246-100
Email: info@gesis.org

Data protection officer
GESIS - Leibniz-Institut für Sozialwissenschaften
Datenschutzbeauftragter
Postfach 122155
68072 Mannheim
Germany
Email: datenschutz@gesis.org

Purposes and lawful basis for processing your data

We process personally identifiable data in accordance with the General Data Protection Regulation (GDPR), the German Bundesdatenschutzgesetz (BDSG) and other applicable data protection rules (details follow). The particular data being processed and how it is used essentially depends on the individual requested or agreed service. You can find further details or extensions on the data processing purposes in the particular contractual documents, forms, informed consent, or additionally provided information (e.g., while using our website). Furthermore, this privacy policy can change over time.

Purposes for processing your data due to our legitimate interests or those of third parties (article 6(1)(f) GDPR)

In order to protect our legitimate interests or those of third parties it may be required to process your data beyond the purposes defined in a contract, in particular for purposes such as
  • controlling and optimizing by means of requirements analysis;
  • development of new services and products and improvement of existing systems and processes;
  • comparing it with European and international anti-terrorist lists, insofar as it goes beyond legal obligations;
  • enriching our data, e.g. by using publicly available data;
  • statistical evaluation or market analysis;
  • benchmarking;
  • enforcing legal claims and defense in the case of legal disputes which may not directly relate to a contractual relationship;
  • limited data storage, if deletion of that data is not possible or only possible with disproportionate efforts due to the unique kind of data storage;
  • preventing and solving crimes, not limited to legal requirements;
  • internal and external investigations and security audits.

Purposes for processing your data due to your consent (article 6(1)(a) GDPR)

We may process your personally identifiable data for specific purposes (such as using your email address for contacting you) due to your informed consent. In general, you can withdraw consent at any time. This also applies to informed consents you gave us before the GDPR came into effect, i.e. prior to 25th May 2018. We provide you with information about the purposes of each consent in the text accompanying the consent, as well as provide information about consequences of withdrawal and non-granting.
In general, withdrawal of consent takes effect for the future only. Processings based on consent and which happened before withdrawal are not affected and remain lawful.

Purposes for fulfilling legal requirements (article 6(1)(c) GDPR) or in the public interest (article 6(1)(e) GDPR)

We are subject to different legal obligations. Primarily, these are statutory requirements (such as trade and tax laws), but it may include supervisory and other regulatory requirements as well. Purposes for processing data may include identity and age verification, fraud prevention, and fulfillment of monitoring and reporting obligations under tax law. Data may be archived for data protection and security purposes, as well as for audits by tax and other authorities. Furthermore, it may be required to disclose personally identifiable data due to authority or judicial measures for the purposes of evidence collection, prosecution, or enforcement of claims under civil law.

Data categories of data processed by us, as long as we do not receive data directly from you, and its origin

If required for fulfilling our services, we may process personally identifiable data which we receive from organizations and other third parties (such as metadata providers and publishers) in a lawful manner. Furthermore, we may process personally identifiable data which we lawfully collected, received, or acquired from publicly available sources (such as civil registers, the Internet, and other media), and we are allowed to process such data in accordance with statutory provisions.
In particular, relevant personally identifiable data categories may be:
  • personal data (name and similar data)
  • contact data (address, email address, telephone number, and similar data)
  • data about your use of our provided telemedia (e.g., access time to our website, apps, or newsletters, clicked pages and links, IP address, browser information, and similar data)

Personally identifiable data we receive from you directly, and its purposes

You may directly provide us with personally identifiable data in situations such as signing a contract, when giving consent, or during your registration process. In the following, we give an overview of the purposes for this data.
  • Your email address. We use your email address: to allow you to register and login to our website; to send you a password reset link; to inform you about new publications in disciplines you have subscribed to; to inform you about service-relevant information such as changes to our service offerings or technical issues; to get in contact with you for inquiries regarding your submitted publications.
  • Your telephone number. We use your telephone number in exceptional situations only for the purpose of getting in direct contact with you.
  • Your first name and last name. We use your first name and last name in contracts and Terms of Use agreements you conclude with us; and to personalize emails we send to you.

Recipients or categories of recipients of your data

Within our institute, your data will be forwarded to those internal offices and organizational units which require it in order to support or fulfill our contractual and legal obligations, our provided services, or our legitimate interests. Your data is forwarded to third parties solely
  • in connection with contract processing;
  • for purposes of fulfilling legal obligations if we are obligated to answer inquiries, to give notifications, or to disseminate data; or if such data dissemination is in the public interest;
  • to the extent that external service providers commissioned by us process data as contract processors (e.g., external data centers, IT software support and maintenance, archiving, controlling, data validation and plausibility checking, data destruction, customer administration, marketing, media technology, research, website management, printing services, and data disposal services);
  • due to our legitimate interests or those of a third party for the purposes mentioned under "Purposes for processing your data due to our legitimate interests or those of third parties" (e.g., government authorities, attorneys, courts of law, expert witnesses, and committees and supervisory bodies of our institute);
  • if you gave us consent to forward that data to third parties.
If we commission service providers for processing data, your data is protected by the GDPR protection standards. These data recipients are only allowed to process your data for the specific purpose they are tasked to fulfill.

Storage duration of your data

We process and store your data for the duration of our business relationship. This includes contract initiation (pre-contractual legal relationship) and contract execution.
Furthermore, we are subject to various retention and documentation obligations. Statutory time periods for retention and documentation may last up to ten years after the end of a business relationship or a pre-contractual legal relationship.
In addition, special statutory provisions may require longer retention, such as the preservation of evidence in connection with statutes of limitations. Under §§ 195 et seq. German Bürgerliches Gesetzbuch (BGB), the conventional statute of limitation is three years; however, limitation periods of up to 30 years may also apply.
Data is deleted once it is no longer required for contractual or legal obligations and rights unless said data is - for a limited period - required for processing in order to fulfill purposes listed under "Purposes for processing your data due to our legitimate interests or those of third parties" due to an overriding legitimate interest. Such an overriding legitimate interest may for example exist if deletion of data is not possible or only possible with disproportionate efforts due to the unique kind of data storage, and processing of this data for other purposes is prevented by appropriate technical and organizational measures.

Your data protection rights

Under certain conditions you can assert your data protection rights against us.
  • You have the right to receive information on your data stored by us in accordance with the rules of article 15 GDPR (if applicable with restrictions in accordance with § 34 BDSG).
  • On your request, we shall correct your data in accordance with article 16 GDPR if such data is incorrect or flawed.
  • On your request, we shall delete your data in accordance with the principles of article 17 GDPR if other statutory provisions (e.g., statutory retention obligations or restrictions according to § 35 BDSG) or an overriding legitimate interest on our side (e.g., to defend our rights and claims) do not prevent us to do so.
  • Taking into account the preconditions laid down in article 18 GDPR, you can request to restrict processing of your data.
  • Furthermore, you have the right to file an objection against the processing of your data in accordance with article 21 GDPR, which means that we have to stop processing your data. However, this right of objection only applies if there exist special circumstances regarding your personal situation, whereby our rights may be opposed to your right of objection.
  • You have the right to receive your data in a structured, common, and machine-readable format, or transfer your data to a third party in accordance with the preconditions laid down in article 20 GDPR.
  • You have the right to withdraw consent to processing of personally identifiable data at any time with effect for the future (see "Purposes for processing your data due to your consent").
  • You have the right to file a complaint with a data protection supervisory authority in accordance with article 77 GDPR. However, we recommend to always send a complaint to our data protection officer first.
If possible, your applications for exercising your rights should be sent in written form to the address provided above or to our data protection officer.

Scope of your obligations to provide us with your data

You only need to provide us with data which is necessary to commence and execute a business relationship or pre-contractual legal relationship, or which is required by statutory law. Without such data, we will usually not be able to conclude or execute the contract. This may also relate to data required at a later point in time within the contractual relationship. If we request additional data from you, you will be separately informed of the voluntary nature of this data.

Information on your right of objection (article 21 GDPR)

You have the right to file an objection at any time against the processing of your data which is processed according to article 6 (1)(f) GDPR (processing based on weighing out of interests) or article 6 (1)(e) GDPR (processing in the public interest) if your objection is based on grounds emanating from your special personal situation.
If you file an objection, we will stop processing your personally identifiable data, unless we can demonstrate compelling legitimate reasons warranting protection which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
The objection can be filed informally and should be sent to the following address:

GESIS – Leibniz-Institut für Sozialwissenschaften
Postfach 122155
68072 Mannheim
Germany

Data transmission and usage statistics

When accessing ssoar.info, your browser automatically transmits browsing data to our webserver due to technical reasons. Among other data, it may include access date and time, the referencing website's URL, the requested URL, the amount of data sent, browser type and version, operating system, and your IP address. In accordance with article 6 (1)(f) GDPR, this data is stored in log files separately from other data you provide us while using our services. We are unable to match browsing data with individual persons. This data is used for statistical purposes, and log files will be sanitized from personally identifiable data within fourteen days, subject to the exceptions stated under "Storage duration of your data".

Cookies

ssoar.info uses cookies to provide additional services. This may save data on your computer. You can prevent this by changing your browser's settings and by deleting existing cookies. In case you fully deactivate cookie functionality, some additional services of our website may no longer work correctly for you. We use cookies on the legal basis of article 6 (1)(f) GDPR.
  • ssoar.info uses persistent first-party cookies, for example to provide you context-specific search results along consecutive page views, to automatically login your browser to SSOAR after a restart, and to remember your language settings.
  • etracker.de uses persistent third-party cookies for providing us with anonymized usage data analytics in our legitimate interest. You can find information on how to object to this usage data analytics under section "etracker technologies".

etracker technologies

ssoar.info uses services provided by etracker GmbH (www.etracker.com/en) for usage data analytics. Cookies are used for this purpose to enable statistical analysis of visitor usage of our website. etracker cookies do not contain any information which could identify a user.
On behalf of this website's provider, data produced with etracker is processed and saved solely in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently tested and certified, and has been awarded the data protection seal of approval ePrivacyseal.
Data collection, processing, and storage is carried out on the legal basis of article 6 (1)(f) GDPR with our legitimate interest of optimizing our online services and web presence. Since our users' privacy is particularly important to us, etracker anonymizes their IP addresses as early as possible, and replaces login and device identifiers with a unique, person-unmatchable key. Data is not used for other purposes, is not combined with other data, and is not forwarded to third parties.
You have the right to object to this data collection, processing, and storage at any time with effect for the future. Your objection has no disadvantageous consequences for you. Please note that your objection is expressed and consecutively noticed and respected by our service by setting and checking a persistent opt-out first party cookie within your currently used browser. This means that it is your obligation to set this cookie again, by clicking the opt-out button, in case the opt-out cookie is not or no longer set in your browser. This could be the case, for example, if you delete your browser's cookie storage, if you visit our website with another browser, or if you visit our website while your browser is in incognito mode.

You can find further information on how etracker protects data at https://www.etracker.com/en/data-privacy/.