We are pleased about your visit to the Archivportal Thüringen. Data protection and data security for our users are a high priority for us. We observe the data protection regulations, in particular the EU General Data Protection Regulation (EU-GDPR), the German Federal Data Protection Act (BDSG) as well as the Thuringian Data Protection Act (ThDSG) and the Telemedia Act (TMG). In this data protection information we explain to you which information (including personal data) is processed by us during your visit and your use of our aforementioned Internet offer (website).
The person responsible under data protection law for the processing of personal data and service provider within the meaning of the EU-GDPR is the Landesarchiv Thüringen, Marstallstr. 2, 99423 Weimar and, as the processor, the Thüringer Landesrechenzentrum (hereinafter TLRZ), Ludwig-Erhard-Ring 2, 99099 Erfurt.
You can reach our data protection officer under:
Landesarchiv Thüringen, PO Box 27 26, 99408 Weimar
Phone: 03643/87 01 01
Thüringer LandesRechenZentrum, PO Box 80 03 05, 99029 Erfurt
Phone: 0361/573 63 58 00
Head: Thomas Wagner
Deputy head: Dieter Marek
Head: Dr. Thomas Brückner
Deputy head: Christian Stötzer
What principles do we observe?
In compliance with the data protection regulations, we process your personal data only if a legal regulation allows us to do so. When using the contact form, we assume the implied consent to the use of your data (for further information see Are you obliged to provide data ?).
On this website, we may also collect information which in itself does not allow us to draw any direct conclusions about your person. In certain cases - especially when combined with other data - this information may nevertheless be considered personal data in the sense of data protection law. A personal evaluation does not take place. Furthermore, we may also collect information on this website on the basis of which we can neither directly nor indirectly identify you. This is the case, for example, with summarized information about all users of this website.
Which data do we process?
You can access our website without directly providing personal data such as your name, postal address or e-mail address. Even in this case, we have to collect and store certain information in order to provide you with access.
1. Log files
When you visit this website, our web server automatically stores the domain name or IP address of the requesting computer (usually your Internet access provider) including the date, time and duration of your visit, the sub-pages/URLs you visit and information about applications and end devices used by you to view our pages.
3. Website analysis with Matomo
For what purposes and on what legal basis do we process your data on this website?
1. Any personal data contained in the log files is processed to enable you to use our website. This is done on the basis of § 15 paragraph 1 TMG.
2. The processing of the data collected via cookies (including web analysis with Matomo) and the pseudonymous user profiles is carried out for the purpose of operating and improving our website and making it suitable for the needs of our customers on the basis of § 15 paragraph 3 TMG.
3. We may also process stored data for the purpose of communication in order to fulfil legal obligations to which we are subject. This is done on the basis of Article 6 paragraph 1 c) EU-DSGVO.
4. If necessary, we process your data beyond the above-mentioned purposes to protect our legitimate interests or the interests of third parties. This is done on the basis of Article 6 paragraph 1 f) EU-GDPR.
Our legitimate interests include in particular
a) the assertion of legal claims and defence in legal disputes,
b) ensuring consumer-friendly communication,
c) the prevention and investigation of criminal offences,
d) the management and development of our business activities, including risk management.
Are you obliged to provide data?
To ensure user-friendly communication via the contact form service, the following personal data must be processed: Name, first name, home address, e-mail, subject. When using the contact form, we always assume an implied consent to the use of your data. This data will only be used to process your request. You will find further information in the data protection notice of the respective contact form. If, in exceptional cases, further personal data is required to process your request, you will be asked for your express consent.
Who receives your data?
Your personal data is always processed within our systems. Depending on the type of personal data, only certain organisational units have access to your personal data. This includes in particular the organisational units of the TLRZ which are concerned with the provision of our internet offer. Due to a role and authorisation concept, access within the TLRZ is limited to those functions and the scope that is necessary for the respective purpose of processing.
We may also transfer your personal data to third parties outside the TLRZ to the extent permitted by law. These external recipients include the service provider eWorks GmbH (Neue Börsenstraße 6, 60487 Frankfurt am Main, Germany), which is contracted by us to provide services for us on a contractual basis. These services may also include the processing of personal data.
Your data will not be transferred to third countries.
Is automated decision making used?
In connection with the operation of our website, we do not generally use automated decision making (including profiling) within the meaning of Art. 22 EU-GDPR. If we use such procedures in individual cases, we will inform you separately to the extent required by law.
How long is your data stored?
We store your personal data for as long as we are legally obliged to do so (e.g. to fulfil storage obligations). We will delete your personal data without your intervention as soon as knowledge of it is no longer necessary to fulfil the purpose of the processing. As a rule
- The log data is deleted within 30 days, unless further storage is required for legally intended purposes such as the detection of misuse and the detection and elimination of technical faults,
- Those personal data which we have to store in order to fulfil our retention obligations will be stored until the end of the respective retention obligation. If we store personal data exclusively for the fulfilment of storage obligations, these are usually blocked so that they can only be accessed if this is necessary in view of the purpose of the storage obligation.
What are your rights?
As a data subject, you have the right
- to access the personal data stored about you in accordance with Art. 15 EU-GDPR,
- to correct incorrect or incomplete data in accordance with Art. 16 EU-GDPR
- to delete personal data in accordance with Art. 17 EU-GDPR or, alternatively
- to restrict processing in accordance with Art. 18 EU-GDPR,
- to data transferability according to Art. 20 EU-GDPR and
- to object to the processing of personal data relating to you in accordance with Art. 21 EU-GDPR.
- Under Article 77 EU-GDPR you also have the right to complain to the supervisory authority (Der Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit TLfDI, Häßlerstraße 8, 99096 Erfurt) if you believe that personal data concerning you is being processed unlawfully.
To exercise these rights, you may contact us at any time using one of the contact methods indicated at the beginning of this privacy statement.