We process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
Name and contact details of the controller
The responsible controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
City of Leipzig
Phone: 0341 123-0
Name and address of the data protection officer
Data protection officer: Mr Thomas Schultz
Fax: 0341 123-2614
Phone: 0341 123-2247
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) provides the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR provides the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR provides the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR provides the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the former interests, Art. 6 (1) (f) GDPR provides the legal basis for processing.
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system of the retrieving computer.
The following data is collected here:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of the request
The data is also stored in the log files of our system. The storage period is 7 days. Storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility on the part of the user to object.
The user data collected by cookies will not be used to create user profiles.
- Login for protected areas
- Login for user registration for the services of the Leipzig Municipal Libraries
- Storage of active tabs in tab menus
- Status about whether "agree" was clicked on in the cookie banner
- Status about whether you have objected to the analysis of user behaviour
- Session cookie for the use of City map integrations
Cookies for analysing user behaviour
Anonymised usage data for the web analysis software Webtrekk Q3
- Object to data collection by Webtrekk
- Further information about Webtrekk's data collection
Disable, restrict and delete cookies via browser settings
Web analysis / statistics
We use web analysis software Webtrekk Q3 to evaluate and record access to leipzig.de. We use settings in which the IP addresses are anonymised. Individual users cannot be identified. Webtrekk GmbH is certified for data protection, in the area of Web Controlling Software, by the TÜV Saarland. Part of the certification is an on-site audit of Webtrekk in Berlin and at the hosting site, where the collection and processing of tracking data was checked for data privacy compliance and data security.
As part of your website visit, we collect and evaluate some of the information that your browser transmits for our web controlling. The survey is done by a pixel, which is integrated on every website. The following data is collected here:
- Request (file name of the requested file)
- Browser Type / Version (ex.: Internet Explorer 6.0)
- Browser language (ex.: German)
- Operating system used (ex.: Windows XP)
- Internal resolution of the browser window
- Screen resolution
- Java On / Off
- Cookies on / off
- Colour depth
- Referrer URL (the previously visited page)
- IP address - will be immediately anonymised and deleted after processing
- Time of access
The IP address is transmitted with every server request so that the server knows where to send the response. Everyone receives an IP address from an Internet Service Provider (ISP) as soon as they connect to the internet, and the ISP can track which IP address was assigned to which of its customers at what time. As long as the IP address is stored, the ID of the ISP can theoretically be used determine the identity of the connection owner. We and our statistics service provider store the IP address only in abbreviated (anonymised) form and use it only for session recognition, for geolocation (down to the city level) and for defence against attacks. The IP address is then deleted immediately, so that the recorded data is then anonymous and no assignment to the identity of the user is possible even via the ISP.
According to §15 of the Telemedia Act, website visitors can object to the storage of their visitor data that has been pseudonymised, so that the data will no longer be collected (recorded) in the future.
A cookie with the name "webtrekkOptOut" is set from the domain www.leipzig.de for the exclusion of Webtrekk Web-Controlling. This objection is valid as long as you do not delete the cookie. The cookie is set for the named domain, per browser and computer. Therefore, for example, if you visit our website from home and work or with different browsers, you would need to place the cookie for each computer and browser.
Hannoversche Str. 19
Online forms, contact forms and email contact
The use of contact forms, order forms and other online forms requires the voluntary input of personal data in order to fulfil the requested services. All personal data is collected and stored solely for the respective purpose.
Please refer to the information on the respective forms regarding what specific data is transmitted.
Contact via provided email addresses is usually possible as an alternative. In this case, the user's personal data transmitted by email will be stored. In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
The processing of the personal data from the input mask serves us only to process the contact. In the event of contact via email, the required legitimate interest in the processing of the data also lies herein.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The user has the possibility at any time to revoke their consent to the processing of their personal data. If the user contacts us via email, they may object to the storage of their personal data at any time. The conversation cannot continue in this event. All personal data stored in the course of contacting will be deleted in this case.
Rights of data subjects
If personal data is processed about you, you are a data subject in terms of the General Data Protection Regulation (GDPR) and you have the following rights vis-a-vis the controller:
Right to information
You may ask the controller to confirm if personal data concerning you is processed by us.
If such processing occurs, you can request information from the controller about the following:
- The purposes for which the personal data is processed;
- The categories of personal data that is processed;
- The recipients or the categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
- The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- The existence of a right to correction or deletion of the personal data concerning you or to a restriction of processing by the controller or a right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- All available information on the source of the data if the personal data is not collected from the data subject.
You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this connection, you may request to be informed of the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-a-vis the controller, provided the personal data processed is incorrect or incomplete. The controller must make the correction without delay.
Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of your personal data;
- The processing is unlawful and you refuse deletion of the personal data and instead request the restriction of the use of the personal data;
- The controller no longer needs the personal data for the purposes of the processing, but you require the data to assert, exercise or defend legal claims; or
- You have lodged an objection to the processing pursuant to Art. 21 (1) GDPR, as long as it is not certain that the legitimate reasons of the controller prevail over your reasons.
If the processing of your personal data has been restricted, this data may be used - with the exception of its storage - only with your consent or for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest to the European Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be notified by the controller before the restriction is lifted.
Right to deletion
You have the right to request that the controller immediately delete your personal data, and the controller is obliged to delete personal data immediately if one of the following applies:
- The personal data is longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw the consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no legitimate grounds for processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you was processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Information to third parties
If the controller has made the personal data publicly available and is required to delete it in accordance with Art. 17 (1) GDPR, taking into account the technology available and the implementation costs, the controller shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have requested that they delete all links to such personal data or copies or replications of such personal data.
The right to deletion does not exist if the processing is done:
- To exercise the right to freedom of expression and information;
- To fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
- For reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- For archival purposes of public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing; or
- To assert, exercise or defend legal claims.
Right to information
If you have exercised the right of correction, deletion or restriction of processing vis-a-vis the controller, the controller is obliged to notify all recipients to whom your personal data as been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right vis-a-vis the controller to be informed about these recipients.
Right to data portability
You have the right to receive the personal data you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was given, provided that
- The processing rests on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
- The processing is done using automated procedures.
In exercising this right, you also have the right to obtain that your personal data relating to you is transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
This right to data portability does not apply to processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
Right to objection
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If your personal data is processed in order to operate direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regarding the use of information society services, regardless of Directive 2002/58/EC, you can exercise your right to object through automated procedures that use technical specifications.
Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Automated decisions in individual cases including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which will have legal effect or affect you in a similar manner. This does not apply if the decision
- Is necessary for the conclusion or performance of a contract between you and the controller;
- Is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
- Occurs with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and reasonable measures have been taken to protect your rights and freedoms as well as your legitimate interests.
Regarding the cases named in (1) and (3), the controller shall take reasonable steps to safeguard your rights and freedoms and legitimate interests including at least the right to obtain the intervention of a person at the controller, to express your own position and to challenge the decision.
Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you consider that the processing of your personal data violates this regulation.
The supervisory authority to which the appeal has been submitted shall inform the complainant of the status and results of the appeal, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR. The competent supervisory authority is the Saxony Data Protection Officer.
Online Catalogue of the Leipzig Municipal Libraries (Catalogue - webOPAC)
Information about the use of the site: webopac.stadtbibliothek-leipzig.de
The use of the catalogue is recorded anonymously for statistical purposes. The SessionID or other characteristics traceable to a user are not statistically evaluated. It is not possible to create user profiles on this basis.
The website requires cookies for error-free search and self-service functions. Cookies are small text files that are stored by a web page or online service via the web browser on your computer. You can delete the cookies at any time in your browser settings. Your IP address will not be registered in conjunction with the catalogue usage. The SessionID expires as soon as you close the browser. Below you will find a list of the cookies used with details of the application, a brief description and the storage time on your computer (unless you block or delete them).
Information about the cookies used
- JSESSIONID: This cookie is required by the application to review and store session information - Valid for the duration of a session
- UserSessionID: This cookie is required by the application for checking user information - Valid for the duration of a session
- BaseURL: This cookie is required by the System Neighborhood Settings application to restart a session - Valid for the duration of a session
Registration for online offers (single sign-on – single sign-on via stadtbibliothek.leipzig.de)
For automated registration with the external online offers, a cookie is stored on the computer in the web browser when logging in via the library website; it contains a session ID. This is transferred to the registration system and is linked to the user number of the library card, the password and the login time. This information is only for registration with the external services and will not be evaluated.
After completing a session (logout), this data is anonymised and the user number, password and SessionID are deleted again. The login time is kept for statistical purposes. Once a day, all sessions longer than 12 hours are automatically anonymised.
Data processing with online offers from the Leipzig Municipal Libraries (third party)
We provide our online offers in cooperation with external service providers. The service providers must check whether you are a legitimate user. For this purpose, the validity of the library card is checked by transferring the user number and password to an interface to the library system in an encrypted form. For the statistical evaluation of the use of the online offers, anonymised usage data is collected by the third-party providers and made available to the library. The following applies to the handling of this data: It is not passed on to others, and no evaluation takes place. Please also note the individual data protection regulations of the third-party providers:
E-learning portal (click on the symbol § in the header on the right)
Email notifications from the Leipzig Municipal Libraries
In the registration form for the use of the Leipzig Municipal Libraries, you can optionally specify your email address. The specification of an email address is obligatory for self-registration. The Leipzig Municipal Libraries use this email address exclusively for the purpose of conveying information to you about issues related to the use of the library (for example, pick-up of reserved media, the imminent expiration of the user card or an upcoming return date).
Some of these notifications include personal data (name and address) as well as details of any media you have borrowed or reserved. Pursuant to § 13 (2) of the Telemedia Act, you have the right to revoke this consent at any time. You can revoke it in the central library and any other branch of the Leipzig Municipal Libraries. Alternatively, you can also delete your email address online in your user account.
Use of the city map
The city map plus under www.stadtplan.leipzig.de uses "WebOffice" of the company SynerGIS Informationssysteme GmbH and can only be accessed with activated cookies. A so-called session cookie is stored on your computer. This cookie does not store any personal data and will be deleted or lose its validity after the end of use.
Video streaming and traffic via Video-Stream-Hosting.de (Steinmann GbR)
On our pages (for example, Council meeting Livestream) content such as the video player of the company Video Streaming-Hosting.de, Steinmann GbR, Am Sennehügel 20, 32052 Herford are incorporated. See also https://www.videostream-hosting.com/ (hereinafter: VSH).
With this video player and other data provided, we are able to display our content transmitted via VSH on our website. When you view the streaming videos (data, players, et cetera) transmitted by VSH on our website, a direct connection is established between your browser and the VSH server. VSH collects your IP address and sends you the requested data.
VSH processes your IP address and stores it only briefly for the transmission and for the technical and security-related provision of the service. For longer storage of the IP address, the IP address is anonymised - this makes it impossible for VSH to trace it back to your connection (i.e. it cannot be connected to you as a person). In addition, VSH stores so-called session cookies in your browser. These cookies allow VSH to recognise your browser the next time you visit. This serves technical and security-related services (detection of attacks and illegitimate calls).
The use VSH services is done in the interest of trouble-free provision and optimisation of our offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Social plugins on leipzig.de
Privacy-friendly sub-functions for social media
We rely on the Shariff solution for our social media share features. This ensures that no data is transmitted to these services when visiting our website. If you use the sub-functions, the selected network is opened in a new window or tab outside our website. Data transfer only takes place there.
For more information, see: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
Two clicks for privacy with integrated external services
On some pages you will find the services of certain providers connected. When the page is first accessed, these connections are disabled and no data is transferred to these services. It becomes active only when you click on the corresponding button and you therefore give your consent to submit data to the respective operator of the social network. If you want to use this function, please note the following:
Social plugin Facebook
Our website uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook"). The plugins are recognisable by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by it into the website. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform you according to the current state of our knowledge:
By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of the online offer. If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, e.g. press the Like button or leave a comment, the information is transmitted from your browser directly to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and save your IP address.
If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your member data stored on Facebook, you must log out of Facebook before visiting our website.
It is also possible to block Facebook social plugins with add-ons for your browser, for example with the Facebook blocker.
Embedded YouTube videos
We integrate videos from the YouTube platform of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. When you visit a page with the YouTube plugin, it will connect to Youtube's servers. Youtube will be informed about which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behaviour to you personally. This can be prevented by logging out of your Youtube account beforehand.
Anyone who has disabled the storage of cookies for the Google Ad programme will not have such cookies set when watching YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
Advertising is provided on the pages of leipzig.de. The advertising spaces are marketed by LVZ-Online, the internet service of Leipziger Volkszeitung. LVZ-Online uses an adserver to optimise the advertising. No user profiles are created here.
Processing takes place exclusively on computers in Germany. The transmission of the website texts to Linguatec takes place via an SSL-encrypted connection. The transmitted texts are deleted after processing. The audio files generated from the texts are deleted after processing. The IP addresses of the senders are deleted after processing.
Name and address of the controller:
Represented by: Dr. Reinhard Busch
Phone: +49 89 896664-0
Year of Democracy newsletter
Through our newsletter you receive information about the Year of Democracy "You. We. Leipzig" regarding funded projects, interesting events and much more.
In order to register for the newsletter, we only need your email address. You can voluntarily provide your name and first name, which enables personalised sending of e-mails. Simply sign up on our website using the appropriate form. We use your information exclusively for newsletter dispatch.
To ensure that you are the owner of the email address and agree to the use of the email address for the newsletter, you will receive an email after signing up asking you to confirm your registration. In order for us to provide the legally required proof of your consent, the registration for the newsletter will be logged.
For the dispatch of the newsletter, we use the service CleverReach (Cleverreach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany), which as a comissioned processor may use your email address exclusively for this purpose.
A statistical analysis of the anonymised data sets is used to evaluate how many recipients have opened the newsletter. In addition, clicks, returns, and cancellations are recorded as are the country of origin and the device used (mobile/desktop). More information can be found here: https://support.cleverreach.de/hc/de/articles/202372751-Aktivieren-des-Trackings-zur-Ermittlung-von-%C3%96ffnungen-und-Klicks
You can unsubscribe from the newsletter at any time and thus revoke your consent to the use of your information. Simply use the unsubscribe link that is included in every newsletter email. With the revocation of your consent, the personal data stored on you will be deleted.
You have the right to receive information about the data stored about you. In addition, you have the right to correction, restriction or objection to processing and to data portability.
If you believe that the processing violates data protection regulations, you may appeal to a data protection supervisory authority.
Information about the controller
Dezernat Allgemeine Verwaltung
Encrypted data transmission