Data protection Data protection information of the Deutscher Wetterdienst English translation for information only. Only the German version shall be legally binding. The following data protection information gives an overview of the processing. This data protection information shall apply to the processing of data collected on all our web pages on which reference is made to this data protection information, to contracts for which there exists no individual data protection information and to any contacts made with the DWD. In these cases, certain personal data concerning you are processed and stored by us (as the data controller) for the duration necessary for the performance of the agreed purposes and compliance with legal obligations. Please read on to find out what personal data we collect, how we process the data and what your rights are in this context. At the DWD, all processing of personal data takes place in accordance with the EU’s General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). In accordance with Article 4(1) GDPR, ‘personal data’ are defined as any information relating to an identified or identifiable natural person. 1. Data Controller and Data Protection Officer The data controller responsible for the processing of your personal data is Deutscher Wetterdienst Frankfurter Str. 135 63067 Offenbach Germany E-mail: info@dwd.de Tel.: +49 (0)69 / 8062-0 Fax: +49 (0)69 / 8062-4484 If you have any specific questions about the protection of your personal data, please contact our Data Protection Officer at the above address (attn: Datenschutzbeauftragter) or by e-mail to datenschutz@dwd.de. 2. Legal basis for processing of personal data and purposes of processing 2.1. Visits to the website You can access our web pages without having to disclose your identity. The only thing is that the browser you are using on your end device will automatically send certain pieces of information (such as date and time of access, name and URL of the file requested) to the server of our website. The information automatically transmitted also includes the IP address of the end device you are using for the request. When you have finished using our web pages, the IP address is rendered anonymous and stored temporarily in a so-called log file. The log files are deleted automatically after 183 days. Processing of your IP address is necessary for technical and administrative purposes to ensure service connection and connection stability and to guarantee the security and good functioning of our website. The legal basis for processing your IP address is Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. Our legitimate interest to do this is based on the necessity to ensure the trouble-free operation of our website. The processing of your IP address and other information from the log file does not enable us to draw any direct conclusions regarding your identity. Please note that we also use cookies on our web pages. For more detailed information about this please refer to section 4 of this data protection information. 2.2. Subscription to our newsletters 2.2.1. Public newsletters Our website offers the possibility for everyone interested to subscribe to receive different newsletters informing about, for example, current weather, official warnings or the latest press releases. Provided that you have given us your explicit consent (Article 6(1)(a) GDPR), we will use your e-mail address to regularly send the newsletter regarding the topic selected by you. To be able to send the newsletter to you, we collect your e-mail address as mandatory information. Once you have subscribed, we will e-mail you a registration notice, which you have to confirm to actually receive the newsletter (so-called double opt-in method). This will be a proof for us that the subscription was actually initiated by you. You can unsubscribe from the newsletter at any time, e.g. using the link provided at the end of each of the newsletters. If you withdraw your consent to receive the newsletter, your e-mail address will be deleted immediately from our files. 2.2.2. Newsletters for special user groups We also offer newsletters for special user groups. Provided that you have given us your explicit consent (Article 6(1)(a) GDPR), you will regularly receive information regarding the topics you have selected. To be able to send the newsletter to you we request the following mandatory data from you: e-mail address. If we also request your forename, last name, address, your medium, your institution and other information, this is done for enabling us to verify whether you are entitled to receive the information we provide, to prevent any misuse and to be able to contact you directly. Once you have subscribed, we will e-mail you a registration notice, which you have to confirm to actually receive the newsletter (so-called double opt-in method). This will be a proof for us that the subscription was actually initiated by you. You can unsubscribe from the newsletter at any time, e.g. using the link provided at the end of each of the newsletters. If you withdraw your consent to receive the newsletter, your e-mail address will be deleted immediately from our files. 2.3. Orders / processing of orders 2.3.1. Collection of customer data during the processing of orders based on the price list In order to be able to send offers to you and receive and deliver your orders we will create a customer account for you based on the following data: private customers: salutation, title, forename and family name; business customers: company, salutation, title, forename and family name of the contact person; address. These data are collected in order to know who our contract partner is; check the plausibility of the data provided; offer you maximum comfort as well as a quick and easy and individual shopping experience as you go through the ordering process. There is also the possibility to store additional data (VAT No., e-mail address, fax and telephone number). Providing this information is voluntary and not necessary for setting up a customer account. But it makes identifying and contacting you much easier and helps us to provide you with a more detailed invoice. We will only contact you by phone if there is a problem with your order. If you indicate your VAT No., it will be checked automatically and your account will be assigned to a customer group. If you wish to place an order you will have to provide all the mandatory data mentioned above as well as to specify the payment method you wish to use. In this case, a SEPA reference number assignable to you will be stored. All payment processing takes place through our central cash office, the Bundeskasse Trier. These data are collected to be able to process the payment for your order. You can also choose to indicate different invoice or shipping addresses. Processing of these data takes place at your request and is necessary for the performance of a contract or in order to take steps prior to entering a contract (Article 6(1)(b) GDPR). After the offer deadline has expired or your order is completed, we continue to store your data in accordance with Article 6(1)(c) GDPR, unless you have authorised us to hold your data longer than that, for the sole purpose of complying with commercial and fiscal retention and documentation obligations pursuant to German Commercial, Penal and Fiscal Codes (HGB, StGB and AO). Our price list can be found here: https://www.dwd.de/preisliste 2.3.2. Orders from the WetterShop Orders from the online WetterShop are subject to a separate data protection information, which can be read here: https://www.dwd-shop.de/index.php/default/datenschutz/ 2.3.3. Ordering of or registration for any other DWD services which is distributed outside the WetterShop or is not based on the DWD price list If you wish to order or register for one of the other services offered by the DWD, the data we collect as mandatory information may vary depending on the service(s) in question. For the provision of some services, a user account will be set up. We may ask for the following information: salutation, title, forename and family name; address; phone number, fax number; agency/branch, institution, company; a valid e-mail address; bank account details. These data are collected in order to know who our contract partner is; check the plausibility of the data provided; offer you maximum comfort as well as a quick and easy and individual shopping experience as you go through the ordering process; demonstrate that you are authorised to place the order. We will only process your personal data for the purposes of a user account if you have freely given your consent for this (Article 6(1)(a) GDPR). If a service has been ordered, processing of these data takes place at your request and is necessary for the mentioned purposes of contract performance or in order to take steps prior to entering a contract (Article 6(1)(b) GDPR). After deletion of your user account your personal data will be removed from any further use unless retention and documentation obligations pursuant to the German Commercial, Penal and Fiscal Codes (HGB, StGB and AO) prescribe longer storage periods (Article 6(1)(c) GDPR) or you have given your consent to us to hold your data longer than that (Article 6(1)(a) GDPR). 2.4. Registration for events Our website provides the possibility to register for a variety of events organised by the DWD. In addition to date and time of login, we also collect the following mandatory information: name; e-mail address. If we collect more information (e.g. address, name of institute, etc.), this is done for the sole purpose of planning the event(s) or to verify whether you are authorised to take part in the event. Depending on the type of the event, it may become necessary to request even more information (travel dates, submission of technical papers, names of co-authors, etc.). Providing this information is voluntary and not necessary for the registration. The collection of such information aims to ensure the smooth planning of an event. When you have sent the registration form, you will normally receive an e-mail from us, confirming the registration with an overview of the data provided by you. Provided that you have given us your explicit consent (Article 6(1)(a) GDPR), we will use your e-mail address to send information about possible future events regarding similar topics. You may, at any time, withdraw your consent or object to the continued use of your personal details. Your data will be deleted immediately. Your personal data will only be passed on to third parties to the extent permitted by law and necessary for the performance of a contract concluded with you (Article 6 (1)(b) GDPR) or for the purposes of the interests pursued by us or third parties (Article 6(1)(e) GDPR), in conjunction with Section 3 BDSG). This may include, in particular, the transfer of personal data for access authorisations to secured areas (e.g. DFS Campus site) or their transfer to service providers (e.g. printing company). Third parties are permitted to use the data only for the specified purposes. 2.5. Contacting us 2.5.1. E-mail Apart from contacting us by using the feedback form, you can send an e-mail to our central e-mail address info@dwd.de, the personal e-mail addresses of DWD employees or our various functional e-mail addresses. E-mails sent to the central e-mail address info@dwd.de will be forwarded to the responsible division units for processing. Your enquiry may also be forwarded within the division units or from one to another division unit for processing. The division units will store the data communicated by you (e.g. name, forename, address, telephone number) as well as your e-mail address and the information contained in your e-mail in order to be able to contact you and process your enquiry. The same applies to e-mails directly sent to individual contact partners or to functional e-mail addresses. Processing of these data takes place at your request and is based on our interests relating to the performance of tasks carried out in the public interest or in the exercise of official authority in accordance with Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. If the e-mail sent to us is intended to lead to concluding a contract, the processing of your data is based on Article 6(1)(b) GDPR. You may, at any time, withdraw your consent or object to the processing of your personal details. Please note that in this case we may not be able to proceed with your enquiry. 2.5.2. Telephone If you contact the DWD using the central telephone number +49 (0)69 / 8062-0 or by directly calling one of the staff members in the corresponding division unit, your telephone number will be stored in a log file for 6 months. Further personal data about you will only be stored if you request to be called back or to receive a written answer/offer or if such additional data is necessary to process your enquiry. In these cases, data processing takes place as part of our interests relating to the performance of tasks carried out in the public interest or in the exercise of official authority in accordance with Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. If your enquiry is intended to lead to concluding a contract, the processing of your data is based on Article 6(1)(b) GDPR. 2.5.3. Using our feedback form Our website provides feedback forms which you can use to send us your comments. Depending on the topic chosen, we may collect your e-mail address as mandatory information. Your name is mandatory on severe weather reporting forms. We need this information to be able to contact you in case of any questions or to reply to your request. Processing of these data takes place at your request and is based on our interests in performing tasks carried out in the public interest or in the exercise of official authority in accordance with Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. 3. Disclosure of personal data to third parties We will only disclose your personal data to third parties if: you have given us your explicit consent to it (Article 6(1)(a) GDPR); this is necessary for the performance of a contract between you and the DWD (Article 6(1)(b) GDPR); there exists a legal obligation to disclose your data (Article 6(1)(c) GDPR). Third parties are permitted to use the data only for the specified purposes. Personal data are not transferred to a third country (outside the EU) or international organisation. 4. Cookies We use cookies on our website. Cookies are small files that are automatically generated by your browser and are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause damage to your end device and do not contain viruses, Trojan horses or other malicious software. A cookie stores information that arises from the end device used in each specific case. However, this does not mean that, through this, we can directly obtain knowledge of your identity. We use cookies to make your use of our website more comfortable. For this reason, we use so-called session cookies, which allow us to keep track of which pages you have viewed. These session cookies are deleted automatically when you leave our website. The personal data that are processed by cookies are necessary for the purposes of the legitimate interests pursued by us or third parties (Article 6(1)(e) GDPR in conjunction with Section 3 BDSG). Most browsers accept cookies automatically, but you can alter the settings of your browser to reject storage of cookies on your computer or to always be notified before a new cookie is issued. If you disable cookies completely, however, you may lose some functionality of our website. 5. Web analytics: AWStats To analyse the use of our website statistically we use the free web analyser tool AWStats (see section 2.1.). The analyses it produces are based on log files created by our servers during visits to our website. This is done without using cookies. Statistical evaluation does not mean that you can be identified as a person or that certain information can be assigned to you. There will be no generation of pseudonym user profiles. The information collected is not brought into relation with other data. As the software is operated on a web server hosted by us ourselves, the data are not transferred to any other servers. In accordance with Article 6(1)(e) GDPR in conjunction with Section 3 BDSG, we use AWStats in order to develop a demand-oriented layout and to continuously optimise our website. 6. Social media plugins On our website, we also use so-called social media plugins (also known as social media buttons). These are small icons or buttons allowing you to publish the contents of our website in your profile in social networks. If you activate such an icon/button, a direct link will be created between our website and the social network in question. In addition to the respective content, the social network provider receives further, partly personal data. This includes, for example, the fact that you are visiting our website at the very moment. The social media buttons are embedded using a so-called Shariff plugin. This solution, developed by Heise and the German computer magazine c’t, prevents that you are connected to a social network just because you are visiting a web page containing such a social media button, even if not activated. This means that information about you is only transmitted to the social network if you actually use the button. We are using the following social media plugins: 6.1. Facebook share button (Facebook Ireland Limited) Some information is transmitted to Facebook’s parent company, Facebook Inc, in the USA, who has certified to the EU-U.S. Privacy Shield Framework of the U.S. Department of Commerce and has thus promised to comply with the data protection requirements of the privacy shield programme. If you wish to find out more about the purpose and scope for which Facebook collects, processes and uses personal data concerning you or learn about your rights and possibilities of changing settings to protect your privacy please read Facebook’s data policy at https://www.facebook.com/about/privacy/. 6.2. Twitter share button (Twitter International Company) Some information is transmitted to Twitter’s parent company, Twitter Inc, in the USA, who has certified to the EU-U.S. Privacy Shield Framework of the U.S. Department of Commerce and has thus promised to comply with the data protection requirements of the privacy shield programme. If you wish to find out more about data protection by Twitter please refer to their privacy policy information at https://twitter.com/privacy. 7. DWD Twitter channel Our website includes contents from Twitter. However, Twitter contents will only be displayed to you if you have explicitly activated the display of such information. Once a social media plugin has been activated, personal data about the user are transmitted to the corresponding provider – even if the contents are displayed only on the page you are on. In addition, the provider will place a cookie on your computer. The data transmitted to the provider include your IP address and the URL of the page you have opened, irrespective of whether you are a registered user with the provider or not. Among other things, the provider can thus locate the computer used, but not exactly determine your identity. It is also possible to track in which context the content was retrieved and what else you do on the provider’s web pages, e.g. which other websites you open or comment on. All this information is stored on the provider’s servers and is processed and possibly used for market research or marketing purposes. Users who are registered with the provider concerned can be identified directly via the cookie file. This means that providers can assign the activities on a web page that includes an activated area to users registered with them. The Twitter section on our website is only activated if the user clicks the activation button. Only then will user data be transmitted to third parties. You can cancel your approval for activation at any time. This can be done in the Twitter section on our website: just click on the [X] next to “More about data protection” and Twitter will be deactivated again. 8. Data subject’s rights The GDPR provides data subjects with a whole range of rights as listed below. If necessary, you can claim the respect of these rights by writing to the address indicated in section 1. If you have any questions or complaints to make you may also write to our Data Protection Officer; the contact details can be found in section 1. 8.1. Right to withdraw consent You have the right to withdraw a consent you have given to us at any time (Article 7(3) GDPR). As a result, we are then no longer permitted to continue processing your personal data in the way for which you had originally given us your consent. 8.2. Right of access You have the right to request information about what personal data we are processing about you (Article 15 GDPR). In particular, you can request information about the purposes for which your personal data are processed and which categories of personal data are processed; about the categories of recipients to whom your personal data have been or will be disclosed; about the period for which the personal data will be stored; about the existence of a right to request rectification or erasure of your personal data and to request a restriction of the processing or completely object to the processing of your personal data; about the right to lodge a complaint; and about the source of the data where these have not been collected by us. 8.3. Right to rectification You have the right to obtain rectification of inaccurate personal data and have incomplete personal data completed without undue delay (Article 16 GDPR). 8.4. Right to erasure You have the right to obtain erasure of the personal data we have stored about you unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Article 17 GDPR). 8.5. Right to restriction of processing You have the right to obtain restriction of the processing of your personal data (Article 18 GDPR) if you contest the accuracy of your personal data; if the processing of the data is unlawful, but you oppose their erasure and if we no longer need the data, but you require them for the establishment, exercise or defence of legal claims; or if you have objected to the processing of personal data (Article 21 GDPR). 8.6. Right to data portability You have the right to receive the personal data you have provided to us about you in a structured, commonly used and machine-readable format or request their transmission to another controller (Article 20 GDPR). 8.7. Right to lodge a complaint According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority about data processing practised at the DWD. 8.8. Right to object According to Article 21 GDPR, data subjects have the right to object, on grounds of a particular situation, to any continued processing of their personal data which is justified by the performance of public tasks or by public and private interests (Articles 6(1)(e) and (f) GDPR). Exceptions from these rights apply as laid down in Section 36 BDSG. If you object to such processing, we will no longer process personal data concerning you unless we can provide proof of compelling legitimate grounds for such processing which override interests, rights and freedoms of you or the processing is necessary for the establishment, exercise or defence of legal claims. If you object to processing of data for direct marketing purposes, we will immediately stop processing personal data concerning you for such purposes. In this case, it is not necessary to provide any explanation of a particular situation. If you wish to exercise your right to object, it will be sufficient to inform us by e-mail to datenschutz@dwd.de 9. Data security All data provided by you personally are transmitted in encrypted form using the commonly used Transport Layer Security (TLS) protocol. TLS is a well-proven standard protocol for secure data exchange, also, for example, for online banking purposes. You can see whether your connection is TLS-secured from the letter ‘s’ attached to http in your browser’s address bar (i.e. https://...) or from the lock symbol in the bottom part of your browser. Otherwise, we use appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, loss (in whole or in part), destruction or access by unauthorized persons. Our security measures are continuously reviewed and revised in line with the latest technological developments. 10. Status and amendment of this data protection information This is the currently valid version of our data protection information, last updated in April 2019. In the course of future enhancements to our website and the content offered through it or in connection with changes in legal or governmental regulations, however, it may become necessary to implement amendments to this data protection information. You will always find the latest version of this data protection information on our website at www.dwd.de/datenschutz for your reference or to be printed by you. The text is also available for download as pdf.