ChemInfo - privacy policy

Privacy Policy

I. Name and address of the responsible party

The controller within the meaning of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection regulations is the Federal Environment Agency, represented by the President of the Federal Environment Agency:

Federal Environment Agency
Wörlitzer Platz 1
06844 Dessau-Roßlau
fon: +49-340 2103-2416
email: buergerservice@uba.de
Internet: https://www.umweltbundesamt.de

II. Name and address of data protection officer

The Federal Environment Agency's data protection officer is available to answer your questions and provide information on the subject of data protection. He is also the contact person for the enforcement of your rights as a data subject:

Mr. Udo Langhoff
Federal Environment Agency
Wörlitzer Platz 1
06844 Dessau-Roßlau
fon: +49-30-8903-5141
email: udo.langhoff@uba.de

III. General information on data processing

1. Use of the ChemInfo Internet search

Scope of of the processing of personal data

We only process the personal data of users of our ChemInfo internet research application to the extent necessary to provide a functional application. The ChemInfo Internet search application is used to search for chemicals and to display general chemical information. The search and display of substance dossiers is possible without personal registration.

The use of this Internet application is generally possible without providing personal data, such as first and last name and email address.

However, each time the application is accessed, the following data, some of which is personal data, is automatically collected by the system of the accessing end device and stored in log files:

1. Information about the browser type and version used,

2. The user's operating system,

3. The user's IP address*,

4. URL of the website from which the user's system accessed our application,

5. Date and time of access,

6. URL of our (sub)page that was accessed by the user's system,

7. Name of the requested file,

8. Transferred data volume,

9. Message whether the call was successful.

*The IP address is stored at the HA proxy, which serves as the central entry point for all requests. As the communication is SSL-secured, no other data (apart from the domain name) can be determined at this point. Based on the domain name, the requests are forwarded to the corresponding reverse proxies of the backends. The Cheminfo backend runs within a Docker Compose network, i.e. incoming IP addresses are "translated" so that the reverse proxy can only log the translated IP address in the log files.

This automated data is not stored together with other personal data of the user.

Certain functionalities of the ChemInfo research application are only available to users after prior registration and activation. These are:

- the search in products requiring registration (these contain licensed data, e.g. GSA, ChemInfo full search (=ChemInfo internal))

- the storage of hit lists or searches in the personal area,

- the downloading of PDF, Word or Excel dossiers and

- Reporting feedback on specialist content.

The following information is required for registration: first name, last name, user name, (work) email address, (work) address, (work) telefon number. By submitting your registration details, you agree the storage of your personal data for the duration of the use of your account.

Legal basis for the data processing

The legal basis for the processing of personal data is the consent of the data subject in accordance with Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).

Purpose of the data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the application and files to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the Internet application. In addition, we use the data to optimize the Internet application and to ensure the security of our information technology systems. Here too, the legal basis is consent, as otherwise the service requested with the consent cannot be provided.

This data from the log file is not merged with any other stored data, as is the case when other services are used in connection with the provision of personal data. The IP address is only evaluated in the event of attacks on the Federal Environment Agency's Internet infrastructure, breaches of public decency and other illegal activities in connection with the use of the app. A conclusion from the IP number to your person is only possible via your dial-in provider through a public prosecutor's investigation.

Data deletion and storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the application, this is the case when the respective session has ended. In the case of saving the data in log files, this is the case after 4 weeks at the latest.

The personal registration data is only stored for as long as the account is active. When the account is deactivated, it is completely deleted, including all data. In the event of a registration that does not result in the account being activated (e.g. due to a lack of user authorization), the personal registration data will be deleted after four weeks at the latest.

Right of objection and removal

The collection of data for the provision of the application and the storage of automated automated data in log files is absolutely necessary for the operation of the application and to maintain an ongoing session and does not require consent within the meaning of § 25 (2) No. 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) and therefore does not require consent or the option to object.

With regard to your stored registration data (user name, name, address, telephone number, email address), you have the option of withdrawing your consent to the processing of personal data at any time. To do so, please contact the ChemInfo office and/or our data protection officer. Your data will then be deleted to the extent permitted by law. However, a note of the data deletion will be stored for the traceability of administrative actions.

2. Email contact

If you contact us by email, your personal data transmitted with the email will be stored.

The data will not be passed on to third parties without your separate consent. The data will be used exclusively for processing the conversation in the respective specialist unit/department of the Federal Environment Agency and the participating state authorities.

Your email address will also be used to verify the registration process.

Furthermore, your email address can be used to receive a ChemInfo newsletter. However, this only happens after you have actively agreed to receive the newsletter in your user profile. You can cancel the newsletter subscription at any time in your user profile.

Legal basis for data processing

The legal basis for the processing of personal data is the consent of the data subject in accordance with Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).

Purpose of data processing

The processing of the personal data from the email serves us solely to process the email.

The other personal data processed during the sending process is used to ensure the security of our information technology system.

Storage duration

The storage of your inquiries and our responses in electronic files of the Federal Environment Agency is carried out in accordance with the guidelines for the processing and management of documents in federal ministries. This serves to monitor the traceability of administrative action. The storage period is up to eleven years.

Right of objection and removal

You have the option of withdrawing your consent to the processing of your personal data at any time. To do so, please contact the ChemInfo office and/or our data protection officer. Your data will then be deleted to the extent permitted by law. However, a note of the data deletion will be stored for the traceability of administrative actions.

Notes on communication by email

Communication by email can have security gaps. Emails can be intercepted and viewed by experienced Internet users on their way to the staff of the Federal Environment Agency. If the Federal Environment Agency receives an email from you, it is assumed that we are also authorized to reply by email to this email address. Otherwise, please consider using another method of communication (e.g. by post).

Beware of dubious emails: Fraudsters repeatedly try to install malware (e.g. viruses and Trojan horses) on other people's PCs via attachments or links in e-mails - by stirring up fears with content such as unpaid bills or attracting attention with dramatic messages. Do not trust emails with provocative subject lines, dubious content or questionable origin and delete them immediately. Never open attachments or links in such emails. As a general rule, the Federal Environment Agency never sends files with the extension ".exe" or ".com" as attachments. Please do not open such files and it is best to inform us of such an e-mail by telephone. The Federal Environment Agency will never ask you to send us sensitive data such as bank details or passwords by email or telephone.

IV. Use of external services

Structures and substructures are entered into the search mask using an editor from Ketcher. A description of how to use the editor can be found at its manufacturer. External link: http://lifescience.opensource.epam.com/ketcher/.

V. Deployment of the application

ChemInfo can be accessed via the following URL: www.chemikalieninfo.de.

VI. Your rights as the person concerned

If your personal data is processed, you are a data subject within the meaning of the EU General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller. Please contact the data protection officer of the Federal Environment Agency (Mr. Udo Langhoff, Federal Environment Agency, Wörlitzer Platz 1, 06844 Dessau-Roßlau, email: udo.langhoff@uba.de, fon: 030/8903-5141).

Right to information - Art. 15 GDPR

The right to information gives the data subject comprehensive insight into the data concerning him/her and some other important criteria such as the purposes of processing or the duration of storage. The exceptions to this right set out in § 34 of the Federal Data Protection Act (BDSG) apply.

Right to rectification - Art. 16 GDPR

The right to rectification includes the possibility for the data subject to have incorrect personal data concerning them corrected.

Right to deletion - Art. 17 GDPR

The right to erasure includes the possibility for the data subject to have data erased by the controller. However, this is only possible if the personal data in question is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in § 35 BDSG apply.

Right to restriction of processing - Art. 18 GDPR

The right to restriction of processing includes the possibility for the data subject to prevent further processing of the personal data concerning them for the time being. A restriction occurs primarily in the review phase of other rights exercised by the data subject.

Right to data portability - Art. 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning him or her from the controller in a commonly used, machine-readable format in order to transmit them to another controller if necessary. According to Art. 20 para. 3 sentence 2 GDPR, however, this right is not available if the data processing serves the performance of public tasks. This is only not the case at the Federal Environment Agency if the processing of personal data is for fiscal purposes.

Right to object - Art. 21 GDPR

The right to object includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the performance of public tasks or public and private interests. According to § 36 BDSG, the right does not apply if a public body is obliged to process the data by law.

Right to withdraw consent - Art. 7 (3) GDPR

You also have the right to withdraw consent within the meaning of Art. 6 (1) a) or Art. 9 (2) a) GDPR at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right of appeal

In accordance with Art. 77 GDPR, every data subject has the right to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority for the Federal Environment Agency is the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn, fon: 0228/997799-0, email:poststelle@bfdi.bund.de, www.bfdi.de.

VII. Necessity of data processing

The processing of personal data by the Federal Environment Agency is directly related to the performance of its public tasks.

VIII. Use of personal data published on our website

We hereby expressly prohibit the use of contact data published within the scope of the imprint obligation by third parties for sending unsolicited advertising and information material. The operators of the application expressly reserve the right to take legal action in the event of the unsolicited sending of of advertising information, for example through spam mails.