Privacy policy

 

General information

With the following data protection information, we, Deutsches Zentrum für Astrophysik gGmbH (DZA) 
Postplatz 1 | 02826 Görlitz, as the controller within the meaning of the General Data Protection Regulation (GDPR), explain which personal data we process when you visit our website and use our online services. In addition, the Telecommunications Digital Services Act (TDDDG) applies to our website. We would like to point out that, by default, all data transmissions in connection with our website are carried out via an encrypted connection.

We reserve the right to occasionally amend our data protection information so that it always complies with current legal requirements or to reflect changes to our services. We therefore recommend that you read the data protection information regularly to stay up to date on the protection of the personal data we process.

 

Logging and creation of log files

When you access our website, a range of technical data is logged. This general data and information is stored in the server's log files. Your IP address, browser identification and domain, the name of the file accessed, the date and time of access, the amount of data transferred and the successful access are recorded in a log file. The processing of personal data is carried out for the purpose of providing the website, as well as for troubleshooting and investigating misuse or fraud, on the basis of a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f) GDPR. The log files are deleted after seven days.

 

Use of cookies

We use cookies on our website. Cookies enable us to optimise the information and offers on our website for the benefit of the user. Cookies allow us to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website.

Cookies are used on our website in connection with the following services:

  • Google reCaptcha, Google Ireland Limited – Captcha service
    To check and prevent interactions on our website by automated access using so-called bots, we use Google reCaptcha, a Captcha service provided by Google Ireland Limited (‘Google’), using European server locations. To achieve the stated processing purpose, the service stores a cookie for the duration of the query, transmits your input to Google and reuses it there. By using the service, Google can therefore determine from which website a request is sent and from which IP address you are using the so-called reCaptcha input box. In addition to your IP address, Google may collect other information that is necessary for the provision and guarantee of this service.

    Since, based on the information available to us, it cannot be ruled out with certainty that Google will combine the personal data processed in this context with other Google data and use it for advertising purposes, among other things, we only integrate Google reCaptcha on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. In accordance with Art. 49 (1) sentence 1 lit. a) GDPR, your declaration of consent expressly includes the possible worldwide transfer and processing of data by other companies within the Google LLC group. In this regard, we would like to expressly point out any risks, such as the more difficult enforcement of data protection rights of data subjects. 

    For the purpose and scope of data processing by Google, as well as your rights and settings options for protecting your privacy, please refer to Google's privacy policy.

Furthermore, only strictly necessary cookies are used on our website in accordance with Section 25 (2) No. 2 TDDDG. The subsequent processing of your personal data is based on our overriding legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest here is to ensure user-friendliness, to guarantee that the website is provided in compliance with data protection regulations, and to ensure the unrestricted technical functionality of the website. These cookies are stored for a maximum of 180 days.

 

Integrated services

  • Matomo – web analysis 
    Based on your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR, we use the web analysis service Matomo to improve our website. To implement a data protection-friendly application of the analysis, the open source software Matomo is operated on the servers of the responsible body and without the use of cookies. Returning visitors to our website are recognised by means of a so-called digital fingerprint, which is stored in anonymised form only.  In addition, user movements are processed in anonymised form with the help of IP addresses and browser-side user settings, so that we cannot identify individual visitors to our website. Further information on the functionality of the Matomo web analysis service can be found on the provider's website.
     
  • YouTube, Google Ireland Limited – Display of video content
    With your consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 4 No. 11, Art. 7 GDPR, we use the YouTube embedding function on our website to display and play YouTube videos. Any processing of your personal data associated with the integration is based on your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. In accordance with Art. 49 (1) sentence 1 lit. a) GDPR, your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other Google LLC group companies. In this regard, we would like to expressly point out any risks, such as the extensive access rights of investigative authorities and the difficulty of enforcing data protection rights of data subjects.

    When the video content is displayed, the user's IP address and other browser-related information is transmitted to Google. By embedding the videos in extended data protection mode, no further personal data is processed. Only when you click on the video to view it is additional information transmitted to Google so that the video content can be displayed. If you are logged in to YouTube as a user, Google assigns this information to your personal user accounts.

    For information on the purpose and scope of data processing by Google, as well as your rights and settings options for protecting your privacy, please refer to Google's privacy policy.
     
  • Sendinblue, Sendinblue GmbH (trading under the brand name ‘Brevo’) – Email dispatch
    In order to provide our newsletter service, we integrate a form field from our service provider Sendinblue for entering email addresses on our website on the basis of a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f) GDPR. A contract for order processing in accordance with Art. 28 GDPR has been concluded with Sendinblue for the provision of the newsletter service.

    In order to provide our newsletter service, we integrate a form field for the provision of a newsletter on the basis of a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f) GDPR.

    Registration for the newsletter always takes place within the scope of your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. We only need your email address to deliver the newsletter. To ensure the accuracy of your details and to verify your consent, you will receive a confirmation email from us. Based on previous case law, we log your email address, your IP address and the date and time of registration and confirmation when you register for the newsletter.

    You may, of course, withdraw your consent at any time in the future. To do so, please use the unsubscribe link provided at the end of each email notification from us. Your personal email address will then be deleted from our records and you will no longer receive any further notifications by email.

 

Blogs and publication media

We use blogs and similar means of online communication and publication. Here, various user data (e.g. website visitors or users of online services) is collected and processed on the basis of contract fulfilment in accordance with Art. 6(1)(b) GDPR and our legitimate interests in accordance with Art. 6(1)(f) GDPR. This includes, for example, name, address, email address, telephone number, entries in online forms, websites visited, interest in content, access times, device information and IP addresses. The processing of personal data serves the purpose of providing contractual services, pre-contractual enquiries, customer service and feedback. 

 

Processing of applicant data

When you apply for a position with us, we process the information we receive from you during the application process, e.g. through your application letter, CV, references, correspondence, telephone or verbal information, or when you use the contact form provided on our website. In addition to your contact details, we are particularly interested in information about your education, qualifications, work experience and skills.

Your data will initially be processed exclusively for the purpose of the application process. If your application is successful, it will become part of your personnel file and will be used for the purpose of implementing and terminating the employment relationship and will be deleted in accordance with the regulations applicable to personnel files. If you withdraw your application, we will of course delete your data. Please note that any false statements or omissions may result in rejection or subsequent contestation of the employment contract.

The legal basis for data processing in the application process and as part of the personnel file is Art. 6 (1) (b) GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process, your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (2) BDSG, Art. 7 GDPR. You may also revoke your consent at any time with effect for the future. The data concerned will then be deleted immediately. In this case, please send your revocation to kontakt@dzastro.de, stating your full name and email address. In cases provided for by law, the deletion may be replaced by a blocking of the data. 

Please note that CVs, references and other data you provide for application purposes may contain special categories of personal data within the meaning of Article 9(1) of the GDPR. We do not generally require special categories of personal data for the application process. We kindly ask you not to send us any such information in advance. If, in exceptional cases, such information is relevant to the application process, we will process it together with your other application data. This may, for example, concern information about a severe disability, which you can provide to us voluntarily and which we then have to process in order to fulfil our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or fulfil legal obligations under labour law, social security law and social protection law. The legal basis for data processing is Art. 9 (2) (b) GDPR in conjunction with Section 26 (3) BDSG.

The transmitted data will be deleted if you withdraw your application (revocation must be sent to kontakt@dzastro.de) or if we are unable to offer you a position, at the earliest six months after the end of the application process. This does not apply if legal provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

 

Links to other websites

Our website contains links to other websites, known as external links. We have no influence over whether the operators of other websites comply with data protection regulations. Please note that by clicking on a link to another website, you are subject to different data protection regulations. We have no influence over data processing on those websites. External links are marked as such in accordance with Section 19 (3) of the German Telemedia Act (TDDDG).

 

Use of service providers to provide the website

To provide the website, we use service providers who process personal data on behalf of the responsible body or through whom access to personal data cannot be ruled out. We have concluded contracts with all of these service providers for order processing in accordance with Art. 28 GDPR. In addition to the service providers already mentioned, these include webgo GmbH, Wendenstraße 8–12, 20097 Hamburg (hosting).

 

Data protection information regarding our social media presence

In order to actively communicate with users and provide information about our activities, we maintain a number of different social media accounts, in some cases in joint responsibility with the social network operators listed below.

In the context of user utilisation of our presences on the social networks listed below, we would like to point out that users' personal data may also be processed by the operators of social networks outside the European Union and outside the European Economic Area. This may result in risks for users, for example in the form of difficulties in enforcing data protection rights. At the same time, however, we would like to point out that, if the operators of the social networks support this, agreements on joint responsibility in accordance with Art. 26 GDPR and standard data protection clauses in accordance with Art. 46 (2) lit. c) GDPR will be concluded.

Furthermore, we would like to point out that users' personal data is generally also processed by social network operators for their own market research and advertising purposes. Any usage profiles generated from usage behaviour can also be used to display interest-based advertisements outside of social networks. To this end, social network operators usually store cookies on users' computers so that device information, usage behaviour and user interests can be processed even if the user does not have a profile on the respective network. For further information on this and on any options for objection, please refer to the data protection information and further notes of the respective social network operators, which we have linked for you below.

The following also applies to the processing of personal data:

  • Categories of data processed
    The categories of data processed include inventory data (e.g. names), contact details (e.g. email addresses), content data (e.g. text entries), usage data (e.g. interest in content) and meta and communication data (e.g. device information and IP addresses).
     
  • Purpose and legal basis of processing
    Data processing is carried out, insofar as it is our responsibility, for the purposes of providing information, communication, marketing and measuring reach. The operation of social media presences is based on a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, whereby the respective interests arise from the aforementioned purposes.
     
  • Storage period
    The data categories processed by us are stored solely within the respective social network. In most cases, we have no influence on the specific storage period, as this is determined by the providers of the social networks. Information on this can be found in the data protection information of the respective provider. If we can influence the storage period in individual cases, deletion takes place after the purpose has been fulfilled, taking into account the statutory retention obligations.

 

Services and service providers used by us and network-specific information

Below, we provide information about the services and service providers we use, as well as network-specific information, naming the respective responsible bodies within the EU/EEA and those outside it. We do not transfer any data beyond this.

  • LinkedIn, LinkedIn Ireland Unlimited Company / LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA
    • Data protection information
    • Agreement on the joint processing of personal data on LinkedIn pages
    • Option to object to targeted advertising

 

  • YouTube, Google Ireland Limited / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    • Data protection information
    • Option to object to targeted advertising
    • Browser add-on to deactivate Google Analytics

 

Rights of data subjects and contact details for the data protection officer

Data subjects may at any time request information about their personal data and, if necessary, request correction or deletion or restriction of processing, or object to processing. They also have the right to data portability. Furthermore, if data processing is carried out on the basis of consent, this consent may be revoked at any time with future effect. To exercise your rights, please contact our data protection officer, the Dresden Institute for Data Protection, at datenschutz@dzastro.de (further contact details at www.dids.de). In addition, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you suspect that the processing of personal data is unlawful.