Data privacy statement

I Name and address of data controller

II. Contact information of the data protection officer

III. General information of data procession

IV. Provision of ZDB catalogue and generation of logfiles

V. Use of cookies

VI. Contact form and e-mail contact

VII. Web analytics by etracker

VIII. Rights of data subject

The German National Library takes the protection of your personal data very seriously. You have the right to know which data is collected, when it is collected, and how it is processed. We have implemented technical and organisational measures to ensure that data protection regulations are complied with.

Amendments to this data protection declaration may become necessary as we develop our website and implement new technologies in order to improve the service we offer you. For this reason, we recommend you reread this data protection declaration from time to time.

I. Name and address of data controller

Data controller within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other data protection legislation:

II. Contact information of the data protection officer

III. General information of data procession

1. Scope of personal data processing

In general, we only process personal data collected from our users insofar as this is necessary for the provision of a functional web presence, our content and our services.

2. Legal basis for the processing of personal data

Art. 6(1) f) GDPR serves as the legal basis when processing is necessary to safeguard the legitimate interests of the German National Library or a third party, and provided these legitimate interests are not outweighed by your interests and fundamental rights and freedoms.

3. Data erasure and storage period

Your personal data will be erased or blocked as soon as the purpose for which it was stored ceases to apply. Personal data may also be stored if so specified by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. In such instances, personal data is blocked or erased when a storage period specified in any of the above-mentioned legislation expires, except in cases where the data has to be retained for longer in order to conclude or execute a contract.

IV. Provision of ZDB catalogue and generation of logfiles

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data is collected:

1. Information about the browser type and version used
2. The operating system
3. The internet service provider
4. The IP address
5. The date and time at which the ZDB catalogue was accessed
6. Web pages accessed through the ZDB catalogue by your system.

This data is also stored in our system's log files. However, it is not stored together with your personal data.

2. Legal basis fort he processing of data

The legal basis for the temporary storage of data and log files is Art. 6(1) f) GDPR.

3. Purpose of data processing

Temporary storage of the your IP address by the system is necessary in order to facilitate website transmission to the user's computer. Your IP address accordingly has to be stored for the duration of the session.

This data is stored in log files in order to safeguard the functionality of the website. We also use the data to optimise the ZDB catalogue and safeguard the security of our information technology systems. Data collected in this context is not evaluated for marketing purposes.

The purposes specified above also constitute our legitimate interest in processing the data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Storage period

Your data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. Data collected in order to provide access to a website is erased when the respective session ends.

Data stored in log files is erased after no more than 14 days. However, data can be stored for longer periods. In such cases, the user's IP address is erased or masked so that it can no longer be associated with the accessing client.

5. Right to object and right to erasure

The collection of data for ZDB catalogue provision and the storage of data in log files are absolutely essential to the operation of the website. There is therefore no way in which you can object to this.

V. Use of cookies

The ZDB catalog only uses technically necessary cookies that do not process any personal data. Consent is not required for this type of cookie.

VI. Contact form and e-mail contact

1. Description and scope of data processing

You can contact us using the e-mail addresses provided.

If you contact us via the e-mail addresses postfach@dnb.de or datenschutzbeauftragter@dnb.de, the privacy policy described on this website applies.

The contact forms included on the catalogue pages can be used to contact our cooperation partner, the Staatsbibliothek zu Berlin. When using the contact forms, the data protection conditions linked in the contact forms shall apply.

2. Legal basis for the processing of data

The legal basis for processing data that is transmitted when sending an e-mail to postfach@dnb.de or datenschutzbeauftragter@dnb.de is Art. 6(1) f) GDPR.

3. Purpose of data processing

Personal data you use in e-mail to postfach@dnb.de or datenschutzbeauftragter@dnb.de is processed solely for the purpose of responding to correspondence.

4. Storage period

The data is erased as soon as it is no longer required in order to fulfil the purpose for which it was collected. In the case of personal data sent by e-mail to postfach@dnb.de or datenschutzbeauftragter@dnb.de, this is the case when your correspondence is terminated. Correspondence is deemed to have been terminated when it can be inferred from the circumstances that the facts in question have been clarified once and for all.

5. Right to object and right to erasure

You are entitled to withdraw your consent to the processing of your personal data at any time. If you contact us by e-mail via postfach@dnb.de or datenschutzbeauftragter@dnb.de, you can object to the storage of your personal data at any time. If this right is exercised, it will no longer be possible to continue the correspondence. In this instance, all personal data stored during the course of the correspondence will be erased.

VII. Web analytics by etracker

We use the services of etracker GmbH from Hamburg, Germany to analyze usage data. No personal data is processed and no cookies are set for web analytics.

VIII. Rights of data subject

If your personal data is being processed, the GDPR defines you as a data subject and you have the following rights vis-a-vis the data controller:

1. Right to information

You can ask the data controller to confirm whether your personal data is being processed.

If this is the case, you can request the controller to provide the following information:

1. the purposes for which your personal data is being processed;
2. the categories of personal data that are being processed;
3. the recipients or categories of recipient to whom your personal data has been or is to be disclosed;
4. the envisaged period for which your personal data will be stored, or, if no specific information can be provided, the criteria used to determine that period;
5. the existence of a right to request the controller to rectify or erase your personal data, to restrict the controller's processing of your personal data, or to object to such processing;
6. the existence of a right to complain to a supervisory authority;
7. where the personal data is not collected from the data subject, any available information as to its source. You also have the right to request information as to whether your personal data is to be transferred to a third country or an international organisation. If this is the case, you can also request information concerning the safeguards provided for the transfer of personal data in accordance with Art. 46 GDPR.

2. Right to rectification

You have the right to request the controller to rectify and/or complete your personal data insofar as that of your personal data being processed is incorrect or incomplete. If this is the case, the controller must rectify the data immediately.

3. Right to restriction of processing

You are entitled to request restrictions on the processing of your personal data in the following circumstances:

1. if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
2. if your personal data is being processed unlawfully, you refuse to have it deleted and instead demand restrictions on the processing of your personal data;
3. if the controller no longer needs the personal data for the purposes for which it was processed but you still need it for the establishment, exercise, or defence of legal claims; or
4. if you have objected to the processing of your data pursuant to Article 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds of the controller override yours.

If the processing of your personal data has been restricted, this data may - with the exception of storage - only be processed with your consent, or to establish, exercise, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest within the EU or an EU member state.

If you have obtained restriction of processing under the conditions specified above, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You may request the controller to erase your personal data without delay, in which case the controller is obliged to erase the data without delay where one of the following grounds applies:

1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You withdraw the consent on which the processing is based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there are no other legal grounds for the processing.
3. You object to the processing of your data pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing of your data pursuant to Art. 21 para. 2 GDPR.
4. Your personal data has been processed unlawfully.
5. Your personal data has to be erased for compliance with a legal obligation in EU or member state law to which the controller is subject.
6. Your personal data has been collected in connection with the offer of information society services referred to in Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made your personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase it, the controller, taking account of the technology available and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers who are processing your personal data that you, as the data subject, have requested the erasure of any links to, or copy or replication of, your personal data.

c) Exceptions

The right to erasure does not exist insofar as processing is necessary

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation according to which processing is required by EU or member state law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h, i and Art. 9 para. 3 GDPR;
4. for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in point a is likely to render impossible or seriously impair the achievement of the objectives of the processing; or
5. for the establishment, exercise or defence of legal claims.

5. Right to notification

If you exercise your right to rectification or erasure of personal data or restriction of processing, the controller is obliged to communicate this to all recipients to whom your personal data has been disclosed unless this proves impossible or involves disproportionate effort.

The controller is obliged to inform you about these recipients if so requested.

6. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to any processing of your personal data effected on the basis of Art. 6 para. 1 lit. e or f GDPR.

If this right is exercised, the controller will cease processing your personal data unless he/she can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the data has to be processed for the establishment, exercise, or defence of legal claims.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications

7. Right to withdraw the declaration of consent provided in compliance with data protection legislation

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of your consent will not affect the lawfulness of processing effected on the basis of your consent before it is withdrawn.

8. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged violation, if you consider that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Do you have any questions? You can contact the German National Library's Data Protection Officer at datenschutzbeauftragter@dnb.de.

Last changes: 03.04.2024