I. Contact details of the person legally responsible and the data protection officer
The person responsible in accordance with the General Data Protection Regulation (DSGVO) and the Bremen Implementation Act to the EU General Data Protection Regulation (BremDSGVOAG) is the:
State and University Library Bremen
(hereafter: "SuUB" or "we / us")
Tel: (0421) 218 59400
Fax: (0421) 218 59610
The State and University Library (SuUB) with its nine locations on the university campus and at the universities of applied sciences is an organisational unit of the University of Bremen. It is part of the Authority for Science, Health and Consumer Protection and is subject to its supervision. The SuUB is legally represented by its director Ms. Maria Elisabeth Müller.
The data protection officer is:
Tel: (0421) 218 60211
Fax: (0421) 218 60210
II. Data processing
1. Use of our website
a. Provision of the website and creation of log files
When you visit our website, our web servers automatically save each access in a log file. Until automatic deletion, the following data is stored without further input from the visitor. The following data is recorded:
- Information about the browser type and version used
- Operating system of the user
- Internet service provider of the user
- IP address of the user
- Date and time of access
- Websites from which the system of the user reaches our website
The legal basis for the temporary storage of the aforementioned data and log files is Art. 6 para. 1 lit. f DSGVO.
Our legitimate interest in data processing serves the purpose of rapidly connecting to the website, enabling a user-friendly application of the website, recognizing and ensuring the security and stability of the systems and facilitating and improving the administration of the website.
This data processing is expressly not for the purposes of gaining knowledge of your person.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of the data required to produce the website, this is the case when the session is over.
Further storage is possible if required. This includes evaluating error logs that record pageview errors and internal statistics applications. This is to improve our service, to identify bugs and to tailor our service to your needs as a user. Storage takes place exclusively on servers operated by us. In these cases, if possible, the IP addresses of users are anonymized, so that recognition of the caller client is no longer possible. The legal basis for the storage of the aforementioned data and logfiles is Art. 6 (1) (f) GDPR
b. Contact forms
You will find various online contact forms on the website that you can use to send us messages. The data entered by you in the input mask will be transmitted. We restrict this data to the data required to process your request; the communication of further data by you is purely voluntary. The transmission of data via online forms is fully encrypted (TLS 256-bit).
Alternatively, contact via provided e-mail addresses is possible.
The personal data transmitted by you for the purpose of establishing contact will be handled by us on the legal basis of Art. 6 para. 1 lit. f DSGVO.
The aforementioned data is processed solely for the purposes of the conversation you initiated. A passing on of the data communicated by you to a third party does not take place.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of the personal data from the input mask of the contact form and the personal data transmitted by e-mail, this is so as soon as the respective conversation with the user has ended.
c. Registration forms, e.g. Account Login (user account)
To use some of our offers, in particular to gain access to the electronic publications provided by Pollux, you must first register and later enter user credentials to use the associated online services. The personal data transmitted in this case is derived from the respective input mask used for the registration.
As part of the registration process, the consent of the user for the processing of this data is obtained in accordance with Article 6 paragraph 1 a), if necessary. As a rule, however, data processing takes place on the legal basis of Art. 6 para. 1 b) DSGVO and § 3 BremDSGVOAG.
The registration of the user is required for the provision of certain content and use of certain services on our website.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection or if the contractual relationship ends and there are no grounds for further storage (in particular statutory retention or post-contractual purposes).
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.
It should be noted, however, that disabling cookies may result in the failure to use all features of the website in the best possible way.
3. Web analysis by Matomo (formerly PIWIK)
In our website we use Matomo (formerly "PIWIK"). This is an open-source software with which we can analyze the use of our website. Here, your IP address, the page(s) of our website you visit, the website from which you have accessed our website (referrer URL), the length of your stay on our website and the frequency of access of one of our webpages is processed.
To record this data Matomo stores a cookie on your device via your internet browser. This cookie is valid for one week. Legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis and optimization of our website.
However, we use Matomo with the anonymization function "Automatically Anonymize Visitor IPs". This anonymization feature truncates your IP address by two bytes, making it impossible to associate it with you or the internet connection you are using. This means that any personal reference in the data is already deleted upon its collection.
If you do not agree with this use of data, you have the option to prevent the storage of cookies by changing the settings in your internet browser. For more information, see "Cookies" above.
III. Passing on your data to third parties
Personal data is transmitted by us only to third parties, if
- the data subject pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO has expressly agreed to the transfer and given their informed consent;
- disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is required to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing their data;
- a legal obligation for the transmission of data according to Art. 6 para. 1 sentence 1 c) GDPR exists, and / or
- this is required for the fulfilment of a contractual relationship with the data subject pursuant to Art. 6 para. 1 sentence 1 b) DSGVO.
In all other cases, personal data will not be disclosed to third parties.
IV. Rights of the data subject
If your personal data is being processed, you are the data subject pursuant to DSGVO and you have the following rights:
- in accordance with Art. 15 DSGVO, to request information about your personal data that is being processed by us;
- in accordance with Art. 16 DSGVO, to demand the correction of incorrect personal data or the completion of incomplete personal data stored with us;
- to demand the deletion of your personal data stored with us, in accordance with Art. 17 DSGVO, unless the processing is necessary for the fulfilment of a legal obligation, for reasons of the public interest or for the assertion, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to demand the limitation of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful, but you reject the deletion of data and we no longer need it, but if you still require this data, in order to assert, exercise or defend legal claims, or if you have objected to the processing of your data in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you provided us with in a structured, well-established and machine-readable format or to request the transfer to another person responsible;
- pursuant to Art. 7 para. 3 DSGVO, to revoke your once given consent at any time. As a result, we will no longer be allowed to continue the data processing, and
- to complain to a supervisory authority according to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your place of residence or your work place.
- If your personal data is processed on the basis of legitimate interest in accordance with Art. 6 (1) sentence 1 f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are grounds that arise from your particular situation. In the latter case, you have a general right of objection, which is implemented by us without you stating a particular situation.
You may assert your right of objection, revocation and correction in writing to the following address:
State and University Library Bremen
Tel: (0421) 218 59400
Fax: (0421) 218 59610
V. Data security
We use appropriate technical and organizational security measures to protect the data of our users against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our websites are completely hosted on their own servers.
When using our website, we use SSL (Secure Socket Layer) encryption in conjunction with the highest encryption level (256-bit encryption) that is supported by your browser. The fact that a page of our website is transmitted in encrypted form is indicated by the closed representation of the key or lock symbol in the status bar of your browser.
Please note that complete data security cannot be guaranteed when transmitting information via e-mail. We therefore recommend that you use the postal service to transfer confidential information.