Datenschutz – Sonares Science Hub

Privacy Policy

As of: 07.03.2024

Der Schutz Ihrer Daten hat für uns höchste Priorität. Wir behandeln Ihre persönlichen Daten vertraulich, verwahren sie sicher und geben sie nicht an Unbefugte weiter. Um Ihre Privatsphäre zu schützen, haben wir umfangreiche prozessuale, vertragliche und technische Vorkehrungen getroffen. Die Nutzung unserer Dienste erfolgt deshalb unter festgelegten Bedingungen. Diese Datenschutzerklärung ist eine davon:
The privacy policy applies to the use of the sonares ScienceHub as well as all apps, web applications, and services offered on it by sonares. The privacy policy applies regardless of how you access or use our services, including access via mobile devices and apps. It also applies when referenced by linking or in a similar manner, e.g., on websites of cooperation partners where sonares' services are displayed.
Sonares may change or extend the privacy provisions at any time by publishing the new version on this website and indicating the effective date of the amended version. In case of significant changes, we will notify you separately of the new version.

We assume responsibility for data protection

The responsible entity for the collection, processing, and use of your personal data in the sense of the Federal Data Protection Act (BDSG) for the European Economic Area (EEA) and Switzerland is:

sonares GmbH
Carmerstr. 8
10623 Berlin
Deutschland

Commercial Register: HRB 148927 B, District Court Charlottenburg
VAT Identification Number: DE 289233561

For questions, comments, and complaints, please contact our data protection officer at datenschutz@sonares.org or at the postal address of the aforementioned responsible entity.

Your right to information, correction and deletion of data

You have an unlimited right to free information about your stored data as well as the right to have your data corrected or deleted. Below we list all the rights granted to you by the GDPR:

revoke a given consent at any time with effect for the future (Art. 7 para. 3 DSGVO);
request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Article 15 of the GDPR);
request the correction of incorrect or incomplete data (Art. 16 DSGVO);
to demand the deletion of data in certain cases within the scope of Art. 17 DSGVO - in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent or declared an objection to its use;
under certain conditions, to demand the restriction of data, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 DSGVO);
to data portability, i.e., you can receive your data provided to us in a common machine-readable format such as CSV and possibly transmit it to others (Art. 20 GDPR);
to object to data processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art 21 para. 1 GDPR); and
to lodge a complaint with the competent supervisory authority about the data processing. Please address your complaint to https://www.datenschutz-berlin.de/buergerinnen-und-buerger/beschwerde/.

We will not hold it against you if you choose to exercise these options in relation to your personal information. If we refuse your request, you may have the right to appeal our decision. You should contact us to do this. We will endeavour to make your options and the consequences of using them clear to you.

How we keep your data confidential

To fully provide you with our offerings, it is necessary to collect, use, and store personal data. All personal and non-personal data (hereinafter referred to as "data") transmitted to us by users are treated confidentially.
We operate with a carefully designed, GDPR-compliant data protection concept. Sonares stores your data exclusively in pseudonymized and anonymized form in your browser and in self-hosted applications on servers in the European Union. In principle, sonares does not make your data available to third parties unless data sharing is essential for the functionality of our tools or has been permitted by you; such third parties include, for example, external service providers and cooperation partners who perform services on our behalf or commission that are necessary for providing our services – especially server operators, publishers (on whose pages our tools are integrated), and web hosts. Under certain circumstances, we may also be obliged to disclose data (for example, by a court order).

Why we collect data from our users

To provide you with all the functions of our ScienceHub and our offerings (especially the ScienceFacts), it is necessary to collect, process, and use personal data that you enter. The legal basis is according to Art. 6 para. 1 lit. a GDPR, your consent. The data is used for the following purposes:

matching scientific studies and statistics with your personal data to calculate individual effects on you personally
scientific analysis and evaluation of your entered data
further development of the scientific calculation models
comparison of your data and results with those of other users
creating personalised user profiles
selection and display of personalised content and advertisements
cross-platform display of content and ads (e.g. on Facebook and Google)
performance measurement of content and ads/advertising
improving the services, content and relevance of advertisements
optimising the technical performance of our services (e.g. loading times, compatibility, etc.)
enable cross-device use (e.g. transfer data between smartphone & desktop)
prevention of possible unwanted use of our services
dispute resolution and problem solving

What data we collect

In order to be able to provide all the functions of ScienceHub and to offer our services in full, we collect the following data when you use our tools:

Webserver

The web server collects data about accesses to the site and stores them as "server log files". The following data is logged in this way:

visited website / resource
time of access
amount of data sent in bytes
source/reference from which you reached the page
browser used
operating system in use
IP address used (in anonymized form)

The collected data serves statistical evaluations. They also help to detect and fend off malicious attacks on the server infrastructure.
The data is not disclosed to third parties unless the server operator is ordered to do so by judicial/prosecutorial decree.
Data sets are retained for a maximum of 2 years and are then automatically deleted.
The servers of our services are located in the European Union.

Technical data about your device with which you access our services

We automatically collect technical data from all users about the devices and software they use when interacting with our tools. This data includes, for example, the type of browser, the operating system used, the web address of the page from which you were redirected to us, and your IP address with us. This data is necessary for the proper and user-friendly operation of our website. In addition, this data helps us to detect and prevent any misuse of our services.

Data	Necessary for the following functions/services
IP-Adresse des zugreifenden Rechners	Datenzuordnung, Security/ Missbrauchsvorbeugung
Standort (u.a. über http://freegeoip.net)	Wohnortvoreinstellung als Service, Datenzuordnung, Statistik Security/ Missbrauchsvorbeugung
Browsertyp	Statistik, Optimierung der Services
Betriebssystem des Gerätes	Statistik, Optimierung der Services
Vorher besuchte Seiten (Referrer-URL)	Statistik, Marketing
Name der abgerufenen Seite	Statistik, Optimierung der Services
Datum und Uhrzeit des Abrufs	Statistik, Optimierung der Services
Übertragene Datenmenge	Statistik, Optimierung der Services, Security/ Missbrauchsvorbeugung

Personal data about you that you enter into our tools

We process data using local browser storage for later reuse. We use the data about you and your life situation, which you enter into our tools, to perform the calculations you request, e.g., to also calculate the effects of scientific findings from studies and statistics on you individually.
Furthermore, we use them to further develop our services, optimize your user experience, and show you directly or via partners further relevant content and offers/advertising.
These data are not stored separately by sonares. They fundamentally remain only in your local browser storage until you delete them. If you agree, our cooperation partners may have GDPR-compliant access to these data. If this is the case, you will find details about it in the privacy policy on the page of the site operator where you use our tools.

Data about your usage behaviour

Sonares stores anonymised data about your usage behaviour in the "Matomo" analysis software. The purpose of the data storage is, in addition to troubleshooting, primarily the optimisation of our offer with regard to the needs of our users. After all, it is important to us to make your user experience as smooth, error-free and pleasant as possible. The web analysis process also provides us with key figures on user traffic and its distribution over time, popular content and the length of time users spend on the site.

When we share data

In order to be able to provide you with our full range of services, we rely on the support of service providers and cooperation partners for data processing. We only pass on your personal data to third parties under very specific conditions.

For administrative purposes

Our service is managed by technical administrators who have access to all technical data. An administrator has the ability to view your anonymized, technical data and – if necessary – modify it to monitor, maintain, and keep our offering operational. In doing so, they observe the applicable data protection regulations. The legal basis is according to Art. 6 para. 1 lit. f GDPR, our legitimate interest.

For refinancing, e.g. via advertising

To refinance the ScienceHub and our offerings, you may be shown editorial content or advertisements from cooperation partners and advertisers during or after using our services. This is made possible in individual cases by transmitting selected data about you, your end device, and your use of our offerings – anonymized – to third parties. We always observe the adequacy decisions of the European Union valid at the time of transmission, as well as any supplementary agreements, such as the EU-USA Privacy Shield. The sharing of this data is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR or your consent according to Art. 6 para. 1 lit. a GDPR.

For statistical purposes

We reserve the right to share statistical, non-personal, or anonymized data about the use of our services with cooperation partners, for example, advertisers and website operators that use our offering. We also publish statistical information to show trends in user behavior and scientific findings. Moreover, your data – in anonymized form – may be shared with third parties for scientific purposes and the statistical evaluation of our services. The legal basis is according to Art. 6 para. 1 lit. f GDPR, our legitimate interest.

For legal reasons

We will disclose personal information to third parties if we have a good faith belief that access to, use of, preservation of, or disclosure of that information is reasonably necessary to

comply with any applicable law, regulation or legal process or comply with any enforceable governmental order,
enforce applicable terms of use, including investigating possible violations,
detect, prevent, or otherwise address fraud, security flaws, or technical issues,
protect the rights, property or safety of sonares GmbH, our users or the public from harm to the extent permitted or required by law.

If we are involved in a business combination, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information. We will notify you, if we have your contact information, before personal information is transferred or becomes subject to another privacy policy.

Which service providers we use for data processing

We only pass on your personal data to service providers involved in the service in question under strict conditions. Insofar as other companies are commissioned by us to provide certain services, such as web hosting, analyses, data pseudonymisation or the display of advertising, etc., they are obliged to use the data only for the defined purpose and in turn not to disclose it to third parties. Furthermore, they are obliged to treat the data in accordance with this data protection policy and the applicable data protection law. In accordance with applicable law, we have concluded corresponding contracts with these service providers and obligated them as commissioned data processors to collect, use or disclose your personal data only for the specified purpose and by applying the necessary technical and organisational security measures.

Operationally relevant service providers

In order to be able to offer our services technically, we work together with the following data processing service providers:

Name	Type of data	Purpose of data processing	Information on data protection
birkenbeul GmbH	Personal data	Operation and further development of the offer	https://birkenbeul.com/datenschutz
Hetzner Online GmbH	Personal data	Server operation & operation of the backend	https://www.hetzner.com/de/legal/privacy-policy
Strato AG	Personal data	Test environment	https://www.strato.de/datenschutz/

Provider of user behaviour analysis software

To offer you our services in the best possible way, an analysis of your user behavior is required. For this, we employ methods from providers who analyze your inputs and behavior in our tools.
The purpose of data processing, besides troubleshooting, is primarily the optimization of our offer in terms of the needs of users. We also obtain metrics on user traffic and their temporal distribution, popular content, and the duration of users' stay through the web analysis process.
For analyzing the use of our tools, we employ Matomo in a GDPR-compliant configuration. The instance runs on our own technical infrastructure. Matomo will not set cookies on the visitor's device and will only store anonymized data, which is automatically deleted after 180 days. The legal basis is according to Art. 6 para. 1 lit. f GDPR, our legitimate interest.
For more information on data usage for advertising purposes by Matomo, settings, and opt-out options, visit the Matomo websites:

https://matomo.org/100-data-ownership/ (100% data ownership)
https://matomo.org/gdpr-analytics/ (DSGVO)
https://matomo.org/security/ (security)
https://matomo.org/privacy-policy/ (privacy policy)

Provider for ad placement in our services

To display advertising in our tools, we use self-hosted advertising management software from the company Revive. The software is fed with information about the user before displaying the advertising to show suitable advertisements. This data is not stored on the server after the advertisement is displayed but is stored in an anonymized form on the visitor's device at most. The advertising management tool stores cookies on the visitor's device. The OAID cookie is a cookie that used to be used for tracking the user but is now filled with the value "01000111010001000101000001010010," making it useless. The ad server sets additional cookies to control the display of banners. However, these are not stored personally. The legal basis is according to Art. 6 para. 1 lit. f GDPR, our legitimate interest.
For more information on data storage by the ad server: https://www.revive-adserver.com/privacy/personal-data/

Why we store data and cookies locally on your device

To provide you with our full offering, it is necessary for various reasons to store and process data. To keep you in control of your data, we prefer not to store any personal data about you on our servers. That's why we use the so-called "Local Storage" of your web browser. This means that all data you enter into our tools are placed by us on your computer and stored in your browser. The use of data from Local Storage serves to make our offering more secure, user-friendly, and effective. Furthermore, Local Storage allows you to stop the use of your data at any time by objecting to its use or simply deleting it from your Local Storage. The legal basis is according to Art. 6 para. 1 lit. f GDPR, our legitimate interest.
Eine genaue Auflistung der verwendeten Cookies, sowie eine Beschreibung wie Sie bereits gesetzte Cookies löschen und der Verwendung widersprechen können (Opt-Out) finden Sie unter den sonares-Cookie-Richtlinien.

We protect your data from misuse

To protect your data against misuse and loss, we rely on a combination of various measures and technologies, for example, we encrypt the connection to our server using SSL technology. Additionally, we use administrative data backup technologies and access controls, among other things, to prevent unauthorized access to our systems as much as possible.
Wir arbeiten nach einem umfangreichen Datenschutzkonzept. Mit ihm wird geregelt, dass wir den Zugriff auf personenbezogene Daten auf jene Mitarbeiter und Auftragnehmer beschränken, die die Daten zwingend kennen müssen, um diese Daten für uns zu verarbeiten. Diese Mitarbeiter sind zur Geheimhaltung verpflichtet. Verstöße gegen die Geheimhaltung werden im Rahmen der geltenden Vorschriften angezeigt und verfolgt.
We prefer to work with servers within the European Union but reserve the right to process and store data on hardware outside the European Union if necessary, if data security can be ensured and exclusively within the framework of the applicable privacy policies.

Integration of our services on third-party websites or integration of links to third-party websites

It is possible that our offer is played via third party websites or is integrated into them. This privacy policy does not extend to the websites of third parties. Our privacy policy does not apply to services offered by third parties. This includes advertisements, products or websites on which our offer is embedded or which are otherwise linked to our offer. The privacy policy also does not cover the handling of information by third parties who advertise our services and may use cookies, pixel tags and other technologies, for example to display advertisements.

Profiling

No automated decision-making, known as profiling, takes place during the visit to our website.

Objection

You have the right to object to the processing of your personal data at any time. Please address your objection in writing by email or post to the address of sonares GmbH.