This website uses cookies. You can find more information about this in our privacy policy.

Privacy Policy

Status: April 2026

We process personal data (hereinafter mostly referred to simply as “data”) only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

Pursuant to Art. 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter “GDPR”), “processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide alone or jointly with others on the purposes and means of processing.

Our privacy policy is structured as follows:

  1. I. Information about us as the controller
  2. II. Rights of users and data subjects
  3. III. Information on data processing

I. Information about us as the controller

The controller responsible for this website under data protection law is:

German Center for Integration and Migration Research (DeZIM) e.V.
Mauerstraße 76, 10117 Berlin, Germany
Email: info@dezim-institut.de

Contact details of the Data Protection Officer:

German Center for Integration and Migration Research (DeZIM e.V.)
Mauerstraße 76, 10117 Berlin, Germany
Email: datenschutz@dezim-institut.de

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to confirmation as to whether data concerning them are being processed, to information about the data processed, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);
  • to rectification or completion of inaccurate or incomplete data (see also Art. 16 GDPR);
  • to the immediate erasure of data concerning them (see also Art. 17 GDPR) or, alternatively, insofar as further processing is required pursuant to Art. 17(3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them that they have provided and to have these data transmitted to other providers/controllers (see also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they believe that data concerning them are being processed by the controller in violation of data protection regulations (see also Art. 77 GDPR).

Competent supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61
10555 Berlin
Germany
Email: mailbox@datenschutz-berlin.de

In addition, the controller is obliged to inform all recipients to whom data have been disclosed about any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17(1) and 18 GDPR. This obligation does not apply if such notification is impossible or would involve a disproportionate effort. Without prejudice to this, users have a right to information about these recipients.

Users and data subjects also have the right, pursuant to Art. 21 GDPR, to object to the future processing of data concerning them if the data are processed by the controller on the basis of Art. 6(1)(f) GDPR.

III. Information on data processing

The data processed when using our website are deleted or their processing is restricted as soon as the purpose of storage no longer applies, provided that there are no statutory retention obligations and no different information is provided below for individual processing operations.

Server data

For technical reasons, in particular to ensure a secure and stable website, data are transmitted to us by your internet browser. These so-called server log files include, among other things, the type and version of your internet browser, the operating system, the pages of our website you access, the date and time of the respective access, and the IP address of the internet connection from which our website is used.

The data collected in this way are stored temporarily, but not together with other data about you. This storage is based on Art. 6(1)(f) GDPR.

The data are deleted no later than after 14 days, unless further retention is required for evidentiary purposes. Otherwise, the data are exempt from deletion in whole or in part until an incident has been finally clarified.

Technical and organisational security measures

To protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties, we implement appropriate technical and organisational measures (TOMs) pursuant to Art. 32 GDPR. Our security measures are continuously improved and adapted in line with technological developments. These include in particular:

  • Encryption: To ensure the confidentiality and integrity of your data, we use SSL/TLS encryption for the transmission of content on our website. In addition, our data backups are stored only in encrypted form to prevent unauthorised access to archived data.
  • Access restrictions: We strictly minimise access to our servers and databases. Only authorised persons entrusted with the technical, administrative or editorial management of data are granted access—and only to the extent strictly necessary for their tasks.
  • Maintenance and updates: To defend against security risks and software vulnerabilities, we operate active patch management. Current security patches are installed regularly and promptly in our systems and server environments to maintain a consistently high level of protection against external attacks.

Recipients of personal data

Within our institute, only those units have access to your personal data that require it to fulfil the purposes stated above (e.g. IT administration, research data management, processing of applications).

Personal data are generally not transferred to external third parties.

Our entire IT infrastructure is operated within our organisation (on-premise operation). Processing by external service providers within the meaning of processing on behalf pursuant to Art. 28 GDPR does not currently take place.

Should it become necessary in individual cases to involve external service providers (e.g. for maintenance or support), this will take place exclusively on the basis of a corresponding data processing agreement pursuant to Art. 28 GDPR and in compliance with data protection requirements.

Personal data are not transferred to countries outside the European Union or the European Economic Area.

Cookies

We use only technically necessary cookies (so-called session cookies) that are required for the secure and functional operation of our website. These cookies are automatically deleted when the session ends.

In this context, personal data are processed only to the extent necessary to provide the website.

The legal basis is Section 25(2) No. 2 TDDDG and Art. 6(1)(e) GDPR.

User account / registration function

If you create a user account via our website, we process the personal data you provide during registration (e.g. name, institutional affiliation, email address).

Processing is carried out to provide and use our research data infrastructure, in particular to set up and administer your access to data services, to communicate in the context of usage applications and data access, and to inform you about relevant changes, new data offerings or expiring usage authorisations.

The legal basis for processing is Art. 6(1)(e) GDPR (performance of a task carried out in the public interest) in conjunction with Art. 89 GDPR (scientific research purposes).

Where a specific user relationship is established or performed in the course of using our services, the processing of the data required for this purpose is additionally carried out on the basis of Art. 6(1)(b) GDPR.

If, beyond this, individual processing activities are not necessary to fulfil the aforementioned purposes, they are carried out exclusively on the basis of separate consent pursuant to Art. 6(1)(a) GDPR. Consent given may be revoked at any time with effect for the future.

Your data are not used for advertising purposes.

Your data will be deleted as soon as they are no longer required for the purposes stated above, provided that no statutory retention obligations conflict with this.

Data processing in the context of research data access

As part of our activities as a research data centre, we also process personal data in connection with the application, review and provision of data usage.

This includes in particular:

  • processing usage applications and research projects,
  • reviewing access eligibility,
  • concluding and managing usage agreements,
  • providing data access (e.g. remote access or controlled on-site use),
  • documenting and logging data access.

In doing so, the following categories of personal data may be processed in particular:

  • contact details
  • institutional affiliation
  • information about research projects
  • log data on the use of the provided data access.

Processing is carried out on the basis of Art. 6(1)(e) GDPR in conjunction with Art. 89 GDPR and Section 27 BDSG to perform tasks in the public interest in the field of scientific research.

There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

Note: Separate privacy provisions apply to the processing of the actual research data (e.g. contents of datasets or studies), which you can view [linked here].