2) Specific data protection aspects reagrding the use of KartDok
At the Staatsbibliothek zu Berlin – Preußischer Kulturbesitz is located the Special Information Service Cartography and Geodata (SIS Maps), which is funded by the Deutsche Forschungsgemeinschaft (German Research Foundation). The library gives top priority to: responsibly processing your personal data and complying with the principles especially of integrity, confidentiality, purpose limitation and data minimisation during all data processing procedures. In the following, we would like to explain the most important aspects regarding data protection law that are relevant when using KartDok - Repositorium Kartographie (hereinafter referred to as KartDok) or other services available in KartDok.
1) General aspects of data protection at the Staatsbibliothek zu Berlin and related to the use of KartDokYou find this information in Datenschutzerklärung der Staatsbibliothek zu Berlin – Preußischer Kulturbesitz.
2) Specific data protection aspects reagrding the use of KartDok
2.1) Using ePuSta
A registration is not necessary for viewing and downloading contents published in KartDok, nevertheless personal data are stored with the aim to obtain statistical information on the frequency of hits on specific contributions. For this purpose, KartDok uses the tool ePuSta (PDF, 647 KB) (DE) (electronic Publications Statistics) that is run by Verbundzentrale des Gemeinsamen Bibliotheksverbundes (VZG, Platz der Göttinger Sieben 1, D-37073 Göttingen, firstname.lastname@example.org).
2.2) Using Google reCAPTCHA
On this website we use „Google reCAPTCHA“ („reCAPTCHA“ in the following). The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland. reCAPTCHA’s purposes to check whether the data input on this website (e.g. in a contact form) is done by a human or an automatic program. reCAPTCHA analyses the performance of the website user on the basis of different features. This analysis starts automatically, as soon as the user opens the website. reCAPTCHA analyses different information (e.g. IP address, visit duration on the website or the user’s mouse clicks). The data captured during the analysis are transfered to Google.
reCAPTCHA analyses happen completely in the background. It is not pointed out to website visitors that an analysis is done.
- https://policies.google.com/privacy?hl=de (DE) | https://policies.google.com/privacy?hl=en (EN) and
- https://policies.google.com/terms?hl=de (DE) | https://policies.google.com/terms?hl=en (EN).
2.3) Data collection at registration, login and metadata collection
For the use of KartDok as publication platform for Open Access publishing exclusively of texts, research data, videos and audio documents related to the field of cartography, geovisualization, and geoinformation it is compulsory to register in person. According to Art. 4 No. 11 of the GDPR the Staatsbibliothek zu Berlin – Preußischer Kulturbesitz regards this registration as consent to the processing of the provided personal data. For the registration in KartDok it is mandatory to provide first name and last name of the author or another person who was entrusted with publishing a contribution (e.g. a secretariat), as well as an e-mail address. In addition, the server will log date and time of the last login into the respective account. Regarding personal data in the server based user accounts have access: responsible staff members of the data processor and also a KartDok staff member who has the necessary administration rights. E-mails sent in connection with the first registration and the publishing of the submitted documents are visible for all KartDok team members. As the storage of personal data in this case most probably does not result in a high risk to the rights and freedoms of the person concerned, a data impact assessment may not be necessary.
For the purpose of Open Access publishing of contributions for the field of cartography, geovisualization, and geoinformation is queried for these contributions formal as well as content-related descriptive metadata abgefragt and, if necessary they will be interconnected with the Integrated Authority File (GND) run by the Deutsche Nationalbibliothek (DNB), the ORCID-Registry of the not-for-profit organisation ORCID or the Virtual International Authority File (VIAF), which is a collaborative project of many national libraries and library consortiums and is run by the Online Computer Library Center (OCLC). All three are publicly accessible. All information requested in this context is to be provided on a voluntary basis. It complies with the intention of Kartdok, namely to make one’s own research results publicly available and this logically follows from using KartDok. The capture of other personal data in connection with the log in process (IP address, date and time of the registration) serves to prevent misuse of the services.
2.4) Processing registration data
The legal basis for processing of the registration data is Art. 6 para. 1 lit. e GDPR in conjunction with § 3 Federal Data Protection Act (BDSG). The temporary storage of the IP address by the system is necessary to enable delivery of the website on the user’s computer. For this purpose the IP address of the user must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data also serve to optimise the website and the security of our information technology systems. In this context there will be no evaluating the data for marketing reasons. These purposes also constitute the justified interest of KartDok in data processing according to Art. 6 para. 1 lit. f GDPR.
2.5) Data transfer and storage of personal data
All collected personal data are stored on server infrastructures of the Verbundzentrale des Gemeinsamen Bibliotheksverbundes (VZG, Platz der Göttinger Sieben 1, D-37073 Göttingen, email@example.com). The complete data transfer is done in secure, encrypted form via the Internet communication protocol Hypertext Transfer Protocol Secure (HTTPS). Apart from that, there is no further transfer of personal data. All personal data are stored for an indefinite time, but at the longest until the withdrawal of consent regarding their use - usually in the form of the deletion of the respective user account.
2.6) Withdrawal of consent and deletion of personal data
The permanent deletion of one’s own user account at KartDok can be requested by an informal message at any time:
- via our contact form or our e-mail address firstname.lastname@example.org or
- via a message to the listed contact addresses of KartDok or to the staff member responsible for the data collection.
Thereby it is also possible to withdraw the consent to the storage of personal data during the registration process. All other personal data collected in connection with the registration process (IP address, date and time of registration) are usually deleted seven days after the registration..
2.7) Responsible staff and contact possibilities
For the data capture in connection with KartDok as publication platform for the purpose of the EU General Data Protection Regulation (GDPR) and other data protection regulations are responsible:
In case of queries you can contact the official data protection officer of the Stiftung Preußischer Kulturbesitz:
In case of queries you can contact the official data protection officer of the Verbundzentrale des Gemeinsamen Bibliotheksverbundes (VZG):
2.8) Claims and rights
You are entitled to obtain information on personal data related to you, you can request correction, deletion or limitation on processing. If these data are processed on the basis of your consent, you have a right to object to the processing and, if necessary, the right to data transfer.
In addition, you can issue a complaint at our authority for data protection, the Federal Commissioner for Data Protection and Freedom of Information:
Status as of: 29.04.2022