Skip to content

Privacy policy

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as "online offering"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person responsible:

  • Name/Fa.: Leibniz Institute for the Analysis of Biodiversity Change
  • Street no.: Adenauerallee 160
    Postcode, city, country: 53113 Bonn, Germany
  • Telephone number: +49 228 9122-0
  • E-mail address: datenschutz@leibniz-lib.de

Data Protection Officer:

  • Name: Thorsten Klug
    Street No.: Adenauerallee 160
  • Postcode, city, country: 53113 Bonn, Germany
    Telephone number: +49 228 9122-402
  • E-mail address: datenschutz@leibniz-lib.de

Types of data processed:

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., e-mail, telephone numbers).
  • Content data (e.g., text entries).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 para. 1 GDPR):

  • No special categories of data are processed.

Categories of data subjects affected by the processing:

  • Customers / interested parties / suppliers.
  • In the following, we also refer to the data subjects collectively as "users".

Purpose of the processing:

  • Provision of contractual services, service and customer care.
  • Answering contact enquiries and communicating with users.

Status: 13/02/2025

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your co-operation (e.g. consent) or other individual notification.

Security measures

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
The security measures include, in particular, the encrypted transmission of data between your browser and our server.

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal authorisation (e.g. if the data is transferred to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR is required to fulfil a contract), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Data transfer to freelance nature educators for education & mediation programmes

We work with freelance nature educators (museum guides) to organise guided tours and workshops that can be booked through the Hamburg Museum Service and to bring you closer to the best of our exhibitions. They will guide you through our museum education programmes for all age groups and provide you with in-depth and unique scientific knowledge.
We only transfer personal data to the nature mediators if this is necessary in the context of contract processing, for example to the nature mediator commissioned to carry out the education and mediation programme.
We have concluded a contract with all nature mediators to ensure that they only process the personal data of our participants in accordance with our instructions and in compliance with the GDPR.
We only transmit the following data to the respective cultural mediator:
Name of the group leader, size of the group, age group, institution if applicable, name of the institution, telephone number, e-mail address, address, which event has been booked and, in the case of school classes, the class level.
No further transmission of data takes place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of the data subjects

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you. Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to request that the data in question be erased immediately or, alternatively, to request that the processing of the data be restricted in accordance with Art. 18 GDPR.
You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of cancellation

You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.

Right to object

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

Cookies and right to object to direct advertising

We use temporary and permanent cookies, i.e. small files that are stored on users' devices. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

Some of the cookies are used for security purposes or are necessary for the operation of our online offering (e.g. to display the website) or to save the user decision when confirming the cookie banner.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site HTTP://WWW.ABOUTADS.INFO/CHOICES/ or the EU site HTTP://WWW.YOURONLINECHOICES.COM/.

You can view and adjust the cookie storage settings you have made at any time by clicking on the following link:

Cookie settings

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link HTTPS://WWW.BFDI.BUND.DE/EN/INFOTHEK/ANSCHRIFTEN_LINKS/ANSCHRIFTEN_LINKS-NODE.HTML

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Integration of third-party services and content / implemented technologies

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.
The following presentation provides an overview of third-party providers or implemented technologies and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):

Google Maps

This website uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer.

We have configured the integration of Google Maps in such a way that data is not transferred to Google automatically, but only when you activate the map by clicking on it on the basis of your consent (Art. 6 para. 1 lit. a GDPR) and if the cookies have been agreed to in advance.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in Google's privacy policy: HTTPS://WWW.GOOGLE.DE/INTL/DE/POLICIES/PRIVACY/

Opt-Out: HTTPS://WWW.GOOGLE.COM/SETTINGS/ADS/

Matomo

On the basis of your consent (Art. 6 para. 1 lit. a GDPR), we use the web analysis service software Matomo (see www.matomo.org) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). GDPR), the following data is processed:

Pseudo-anonymised location (based on the anonymised IP address), browser type and browser version, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click on. Users' IP addresses are anonymised before they are stored.

Matomo uses cookies that are stored on users' computers and enable us to analyse how users use our website. Pseudonymised user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.

Newsletter service provider SendinBlue

This website currently uses SendinBlue to send newsletters. The provider is SendinBlue GmbH, a German limited liability company with registered office at Köpenicker Str. 126, 10179 Berlin, Germany, registered in the Berlin-Charlottenburg commercial register, HR number HRB 133191. SendinBlue is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on SendinBlue's servers. The hosting servers on which SendinBlue processes and stores the databases are located exclusively in the European Union. SendinBlue undertakes not to transfer data outside the European Union. If you do not want SendinBlue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link or email contact in every newsletter message.

With the help of SendinBlue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine which links have been clicked on particularly often. We can also recognise whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognise whether you have made a purchase after clicking on the newsletter. SendinBlue also enables us to subdivide ("cluster") the newsletter recipients according to various categories. In this way, the newsletters can be better customised to the respective target groups. Detailed information on the functions of SendinBlue can be found at the following link: www.brevo.com/de/company/about/

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and SendinBlue's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. You can find more details in SendinBlue's privacy policy at HTTPS://EN.SENDINBLUE.COM/LEGAL/PRIVACYPOLICY/

Data collection from the hosting provider RAIDBOXES

The hosting services on which this page is based are provided by RAIDBOXES GmbH (Friedrich-Ebert-Straße 7, 48153 Münster, Germany). RAIDBOXES GmbH offers Software as a Service (SaaS) services in the context of cloud hosting.

RAIDBOXES GmbH automatically collects and stores server log files with information that your browser transmits to us. This information includes

  • Browser type
  • operating system
  • Referrer URL (previously visited page)
  • Host name (IP address)

RAIDBOXES GmbH cannot assign this data to specific persons. This data is not merged with other data sources. The data will be deleted after a statistical analysis after 7 days at the latest. Further information can be found in the data protection provisions of RAIDBOXES GmbH. https://raidboxes.io/datenschutzerklaerung/.

We have also concluded a contract for order data processing (AV). This contract regulates the scope, type and purpose of RAIDBOXES GmbH's access to data. The access options are limited only to necessary accesses that are required to fulfil the hosting services.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal requirements, data is stored for 6 years in accordance with Section 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Provision of contractual services

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information if applicable) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
The deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

Making contact

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of processing the contact enquiry and handling it in accordance with Art. 6 para. 1 lit. b) GDPR.
We delete the enquiries if they are no longer required. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

Collection of access data and log files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Online presence in social media

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms. GDPR, we maintain an online presence within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users' data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
We receive statistical data of different categories from the operators, such as: total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin in relation to country and city, language, clicks on route planners and clicks on telephone numbers.
We use the data to make our posts on the operator pages more attractive or to find the right time to publish them.
You can find information on the data at
Twitter: HTTPS://BUSINESS.TWITTER.COM/DE/HELP/CAMPAIGN-MEASUREMENT-AND-ANALYTICS/
Facebook: HTTPS://WWW.FACEBOOK.COM/LEGAL/TERMS/INFORMATION_ABOUT_PAGE_INSIGHTS_DATA
We would also like to point out that according to the "Page Controller Addendum" there is joint responsibility between Facebook and us in accordance with Article 26 GDPR(HTTPS://WWW.FACEBOOK.COM/LEGAL/TERMS/PAGE_CONTROLLER_ADDENDUM).

Videos from the "YouTube" platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are embedded in the pages in extended data protection mode. However, like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these to collect video statistics, prevent fraud and improve user-friendliness, among other things. This also leads to a connection being established with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no influence on this. You can find more information about data protection at YouTube in their privacy policy at HTTPS://POLICIES.GOOGLE.COM/PRIVACY, Opt-Out: HTTPS://ADSSETTINGS.GOOGLE.COM/AUTHENTICATED.

Overview

Contact

Leibniz Institute for the Analysis<br>of Biodiversity Change (LIB)

Leibniz Institute for the Analysis
of Biodiversity Change (LIB)

Adenauerallee 160
53113 Bonn

+49 228 9122 0info@leibniz-lib.de
+ More pages
© Leibniz Institute for the Analysis of Biodiversity Change | Germany, 2024-2025
Privacy Settings
This site uses cookies and third party elements to provide you with certain features and an optimal website experience. These include cookies that are strictly necessary for the operation of the site, cookies for anonymous statistical analysis/measurement, and the embedding of external services whose use you must consent to prior to use. You can find more information below in the notes on the individual functions and in detail in our privacy policy.
These cookies are necessary to enable the basic functions of our website.
This consent allows you to view external contents (via iframe).
This consent allows you to watch embedded videos.
Page views are recorded for anonymous statistical purposes using Matomo in order to constantly optimise our website. The visitor's IP address is anonymised.
Marketing cookies from Google/Meta are used to display personalised advertising. This is done by tracking visitors across websites.
Settings saved