Data Protection - Leibniz Education Research Network (LERN)Leibniz Education Research Network (LERN)

Data protection regulation pursuant to EU European General Data Protection Regulation (GDPR)

Courtesy translation – only the German language version is legally binding

This data protection statement applies to the Internet offering of the Leibniz Education Research Network (LERN) at https://www.leibniz-bildung.de. For websites of other providers, which are referred to e.g. via links, the data protection information and declarations of those providers apply.

The LERN website is operated by the DIPF | Leibniz Institute for Research and Information in Education. The DIPF is responsible for processing the personal data collected on this website. For address and contact details, please refer to the imprint.

The coordination office of the Leibniz Research Network Educational Potentials (LERN) is institutionally affiliated with the DIPF | Leibniz Institute for Human Development and Educational Information. If you have any questions about data protection at DIPF, please contact our data protection officer. You can ask there which of your data is stored by us. In addition, you can contact us at any time, preferably by e-mail or letter, for information, requests for deletion and correction of your data, and also for suggestions:

Viktorija Meinel (Ass. jur.)
gds Gesellschaft für Datenschutz Mittelhessen mbH
Auf der Appeling 8, 35043 Marburg a. d. Lahn
Fax: 06421-804-13-18
E-Mail: or

The data collected on this website is used by DIPF to provide the services offered and by the users of this website to make use of these services.
The legal basis for the – in part temporary – storage of the data and the log files is Art. 6 para. 1 lit. a) and e) of the German Data Protection Regulation (GDPR). Personal data that we collect for the fulfillment of certain services, we receive based on your consent to the collection, storage and processing of this data according to the terms of use and in accordance with Art. 6 para. 1 lit. a) GDPR.
The personal data collected on this website will not be disclosed to third parties without your express consent.

The use of our website is possible without providing additional personal data. Insofar as personal data is collected on our pages, this is always done on a voluntary basis beyond technically necessary functionality data. All data will not be passed on to third parties without your express consent.

Data and information are collected every time this website is called up and used. This functionality data and information is stored in log files of the servers. The following data may be collected:

IP address
Information about the type of browser and the version used
Date and time of access
Internet service provider of user
User’s operating system
Websites from which the user’s system accesses our website
Websites that are accessed by the user’s system via our website

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e) GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website, to optimize the content of the website and to ensure the security of our information technology systems. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client can no longer be made.

According to Art. 15 – 18, 20 – 21 and 77 GDPR, you as a user of this website have the following rights:

You can request information pursuant to Art. 15 GDPR or § 52 HDSIG (Hessisches Datenschutz- und Informationssicherheits Gesetz) about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted by the provisions of Sections 24 (2), 25 (2), 26 (2) and 33 HDSIG Section 52 (2) to (5) HDSIG.

If the information concerning you is not (or is no longer) accurate, you may request a correction in accordance with Art. 16 GDPR or § 53 HDSIG. If your data is incomplete, you can also demand that it be completed.

You can demand the deletion of your personal data under the conditions of Art. 17 GDPR and §§ 34 and 53 HDSIG.

Within the framework of the requirements of Art. 18 GDPR or also § 53 HDSIG, you have the right to demand a restriction of the processing of the data concerning you.

According to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided. This applies if.

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR
and
(2) the processing is carried out with the help of automated procedures.

The exercise of this right also includes the possibility for you to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of data relating to you that is based on Art. 6 (1) e) or f) GDPR for reasons that arise from your particular situation.
You may also revoke your consent at any time with effect for the future in accordance with Art. 7 (3) of the GDPR, without this affecting the lawfulness of any data processing based on the consent previously given.

If you are of the opinion that we have not complied with data protection regulations when processing your personal data, you may, in accordance with Art. 77 GDPR, § 55 HDSIG, lodge a complaint with the supervisory authority at the Hessian Commissioner for Data Protection and Freedom of Information, who will examine your complaint.

E-mail address of the data protection officer:

We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of data against access by third parties is not possible on this side. The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending advertising and information material not expressly requested is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam mails.

This website uses Matomo, an open-source software for the statistical analysis of visits. Matomo uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is stored on our server. The IP address is anonymized immediately after processing and before it is stored. You can prevent the installation of cookies by selecting the appropriate settings on your browser software (so-called “Do-Not-Track” function). However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
In addition, you can activate or deactivate the use of Matomo each yourself via our cookie settings (cookie banner as well as on the cookie policy page under point 7).

More information about cookies on our website.

Objection to tracking with Matomo

Tracking is currently not active for you, because your browser has informed us that you do not want tracking. This is a browser setting. To reactivate tracking, you must deactivate the so-called “Do-Not-Track” setting in your browser settings.

On our website, plugins of the social media Twitter, Facebook and LinkedIn are used, which enable the sharing of posts via links. You can recognize these links by icons or small stylized symbols. To ensure data protection on our website, we only use these plugins together with the so-called “Shariff” solution.
This application prevents the plugins integrated on our website from transmitting data to the respective provider when you first enter the page. Only when you activate the respective plugin by clicking on the associated button, a direct connection to the provider’s server is established. As soon as you activate the plugin, the respective provider receives the information that you have visited our site with your IP address.
Activating the plugin constitutes consent within the meaning of Art. 6 (1) a) GDPR. Therefore, please inform yourself in advance about the following pages of the providers with regard to terms of use (1) and data protection notices (2) there.

Twitter:
https://twitter.com/de/tos (1)
https://twitter.com/de/privacy (2)

Facebook:
https://de-de.facebook.com/policies_center/ (1)
https://de-de.facebook.com/privacy/explanation (2)

LinkedIn:
https://de.linkedin.com/legal/user-agreement (1)
https://de.linkedin.com/legal/privacy-policy (2)

On the LERN website you can subscribe to a free newsletter. By ordering the LERN newsletter, published by the DIPF | Leibniz Institute for Human Development and Educational Information, you agree to receive the newsletter 4-5 times per year by e-mail. When you order the newsletter, your e-mail address (first name and last name are optional) as well as the date and time of registration and your IP address will be stored on the DIPF servers as a record. Your e-mail address will be used exclusively for sending the LERN newsletter. No other use or disclosure to third parties will take place.
The data processing is based on your consent, which can be revoked at any time (Art. 6 para. 1 lit. a), Art. 7 para. 3 GDPR).
A revocation of your already given consent is possible towards us at any time. If you wish to unsubscribe from the newsletter, you can use the form https://www.leibniz-bildung.de/newsletter-abmeldung/ for this purpose or click on the “Unsubscribe from newsletter” link, e.g. also at the end of each newsletter. Data that you have entered to set up a newsletter subscription will be deleted from our servers in the event of unsubscription.

You can use the LERN website to register for events of the Leibniz Research Network Educational Potentials (including the LERN Annual Conference, Educational Policy Forum and CIDER-LERN events).

When registering for events, we collect and process the following mandatory data in addition to the purely technical functionality data (including IP address, see above) on the basis of Art. 6 (1) e) GDPR: E -mail address, first and last name and institutional affiliation. All other information in the respective registration form is optional. The data you provide is required for participation management and for sending information and documentation about the event.
The data processing of the mentioned categories takes place in case of voluntary use by consent to this (according to Art. 6 para. 1 lit. a) GDPR) as well as in execution of the institute’s mission (incl. the LERN network members) for research and science (according to Art. 6 para. 1 lit. e) GDPR) exclusively for the Leibniz Research Network Educational Potentials.

On the web server, all data is deleted after three months, possible functionality data of a website visit (event page) after one week.

You can revoke your consent with then effect for the future at any time, at best by e-mail to , stating two of the three mandatory details mentioned above. Any data processing that has taken place up to that point remains unaffected by this; Art. 7 para. 3 p. 2 GDPR. Likewise, you can exercise your rights as set out under “7. Your rights” above in accordance with Chapter 3 and Art. 77 GDPR in conjunction with. § 55 HDSIG accordingly also assert.

To hold virtual events, we use the Zoom web conferencing program from the provider of the same name or also work with an external service provider who provides the necessary technical infrastructure. In each case, our interest lies in the effective implementation of online events. By submitting the registration for an online event, you agree to the use of the services used as well as to the data protection provisions and terms of use stated there in accordance with Art. 6 Para. 1 lit. a) GDPR. No additional data will be passed on to them.
For the most extensive protection of your fundamental rights and freedoms in the processing of personal data, use at best pseudonyms with confusable EDP characters and a function or even disposable e-mail address accessible to you for registration there. In addition, it is recommended to create the corresponding calendar entry yourself, i.e. not to use the direct calendar implementation from the browser registration, and finally to restart the browser for the purpose of automatic cookie deletion.

Zoom is a service of Zoom Video Communications, Inc., which is based in the USA (55 Almaden Boulevard, 6th Floor, San Jose, CA 95113). DIPF has concluded an agreement with the provider of Zoom in accordance with the EU standard data protection clauses and on the basis of Art. 28 DS-GVO.
When using Zoom, different types of data are processed. The scope of the data depends on the information that the respective user provides before or during participation in an online meeting.
In order to participate in an online meeting or to enter the meeting room, participants must at least provide information on their name (which may be chosen by the user). A pseudonym is sufficient for this purpose.
The following personal data are regularly processed: first name, last name, e-mail address, password (if “single sign-on” is not used), meeting topic, IP addresses, device/hardware information; in addition, when dialing in by telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, may be stored. Furthermore, if the chat, audio or video function is used (voluntarily), the data collected in the process will be transmitted and processed.
In order to enable the display of video and the playback of audio, the data from the microphone of the end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. Users can switch off or mute the camera or microphone themselves at any time from the beginning or later via the Zoom application.
Unless there are legal retention periods, your data will be deleted as soon as it is no longer required for the purpose for which it was originally collected. Chat, video or audio data are not temporarily stored beyond the end of the respective meeting and are thus deleted immediately afterwards, meta and connection data at the latest after 7 days. In the case of legal retention periods – e.g. due to official requests – the deletion takes place after the retention period has expired. If you are registered as a Zoom user*, reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.
Information on data processing and data protection at Zoom and information on how to contact us to assert data protection rights can be found directly on the provider’s page: https://explore.zoom.us/en/privacy/.

In order to hold an event, it may sometimes be necessary to use an external service provider who is able to provide the necessary technical infrastructure (e.g. platform for viewing the livestream). In this case, participants will always be informed separately about the involvement of external service providers via our website or the event registration.

For example, in addition to Zoom, we also work with other external service providers on a case-by-case basis to ensure the best possible event experience. These include BMK Media Production GmbH & Co KG, Berlin (authorized representative: Thomas Bähr, bmk.tv privacy policy) on the basis of a commission processing agreement pursuant to Art. 28 GDPR.

For registration or use of the platform, you can always use the following mandatory information – if applicable – also by means of a pseudonym or alienated: Name, e-mail address, institution, function. Further use of partial services implemented there, such as video or audio transmission as well as whiteboard and chat functions, etc., is always optional on a voluntary basis.
If you have any questions about the specific (data) use in individual cases, please contact the respective service provider or the LERN network at the above address, which will be happy to help you in the best possible way.

Last modified: June 22, 2022