Privacy policy:search portal Discovery

This data protection declaration applies to the search portal Discovery of Erfurt University Library 

Controller, Data Protection Officer

President
(Presidium)
Verwaltungsgebäude / Raum 1.40
Anabell Köhler
Data protection officer
(University of Erfurt)
C16 - Universitätsbibliothek / 045
Deputy Data Protection Officer
(University of Erfurt)
C07 - Lehrgebäude 2 / Raum 130d

General information on data processing

Scope of processing

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data is permittet by our Regulations for Library Use (Benutzungsordnung). Users consent to this when registering with the library. All personal data are deleted when registration with the library ends.

Lawful basis

For obtaining the consent subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) in connection with the Regulations for Library Use serves as the legal basis.

If the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks, the legal basis is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG and §16 ThürDSG.

Integration of third-party providers

On the search portal Discovery you can access numerous electronic media that are stored on third-party platforms. These include databases, publishing platforms and aggregators with access to electronic journals and books (e.g. Proquest Ebook Central, SpringerLink and EBSCO). All providers are subject to the GDPR. Please find out which data these third-party providers store and process before using the electronic services.

Privacy policies of third-party providers (selection):

Interfaces to other services

ReDi Links (link resolver)

If an electronic full text is available, an additional button “To electronic full text (ReDi)” appears on the hit display of a title. It links to an electronic text or a page with further information from the service provider (ReDI, Freiburg University Library). For security reasons and for the diagnosis of errors, the service provider stores the IP addresses and other data transmitted by the browser (Apache log files) for 7 days; the service does not have any further personal data. Statistics on the use of the linkresolver are anonymized.

Scanning service

For part of the collection, an additional button “Scan service” appears on the hit display of a title. This allows members of the University of Erfurt to order scans for parts of the holdings of the library. The files are made available on an internal platform (VZG Göttingen). Personal data (after registration in Discovery; name, user number and e-mail address) are transferred to a processing platform via an encrypted connection and stored digitally as part of the process. They are not passed on to third parties and are only used to notify the customer (order confirmation, delivery email, rejection of orders or other queries). The data are deleted once the process has been completed.

Erasure and storage period

Personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

Stored information

The central administration of the Common Library Network /GBV) automatically collects and stores the following information your browser transmits when you access Discovery in its server log files. The legal basis is the agreement on order processing in accordance with Art. 28 EU GDPR:

  • Browser type/ -version
  • Operating system used
  • Website from which the access takes place (referrer)
  • Host name of the requesting computer (IP address)
  • Date and time of the server request
  • Name and URL of the retrieved data
  • Amount of data transmitted
  • Message whether the call was successful (http status code)

These data cannot be assigned to specific persons. It is used for evaluation purposes to ensure system security and stability, to detect misuse and to ensure that our website is easy to use. These data are not merged with other data sources, and the data are regularly deleted after statistical evaluation (max. 5 days). The data will not be passed on to third parties.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR.

Encryption

This site uses SSL encryption for security reasons and to protect the transmission of all content.

You can recognise an encrypted connection when the address line of the browser changes from "http://" to "https://" and by the lock symbol in the address line of your browser.

Cookies

Cookies are small text files that are generated by the web server and sent to your Internet browser, where they are stored or saved. Cookies are used to increase the functionality and convenience of the website for you. A session cookie is created when you use our website. This contains settings (e.g. language or layout selection) and saved titles on the check list and is deleted when the browser is completely closed. Alternatively, users can delete these cookies themselves via their browser.

Website analysis and tracker

Discovery uses an in-house development for the statistical analysis of visitor access and actions. No personal data is stored at any time; the data is only evaluated in anonymized form. Access to this analysis data is password-protected for the administrators of the library. Discocvery does not contain a tracker.

Login to "My area"

On the Discovery pages, users can log in to manage their personal user account, to place orders and reservations by providing personal data. The data for logging into the user account (user number of the library card / thoska and the corresponding password) are stored in the browser for the duration of the session. The data is not passed on to third parties.

The user account contains the following personal data:

  • last name, given name
  • postal address
  • e-mail address
  • end of user authorization

as well as information on borrowings, orders, reservations and fees.

Personal data are recorded in the library system (LBS) when you register as a library user (form) and stored for the duration of the process. They are required for the provision of library services. When orders and/or reservations are submitted, the relevant information is transmitted to us, printed out on order slips and stored in the library system for the duration of the process as well as in printed form as an insert in the corresponding medium.

Contact by e-mail

On the Discovery homepage there is the option of contacting us by e-mail. The data entered in the input mask is transmitted. Your consent is obtained for the processing of the data during the sending process and reference is made to this data protection declaration. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR. The data will not be passed on to third parties.

The legal basis for the processing is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks. The communication of further information by you is voluntary based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be used exclusively for the processing of the conversation. The data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case when the respective conversation with the user has ended.