1. Website and services
GBIF operates a website at gbif.org and a Help Desk at firstname.lastname@example.org. It is GBIF’s policy to respect your privacy regarding any information we may collect while operating these sites and services. If you have questions about deleting or correcting any personal data you find on our website please contact our support team.
The controller in the meaning of Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is:
2. Site Visitors
Just by merely using this website for information purposes, GBIF, like most site operators, collects personal data of the sort that web browsers and servers typically make available, such as the IP address, the browser type, language preference, referring site, and the date and time of each visitor request. GBIF’s purpose in collecting this information is to enable operation of the website and monitor and prevent abusive use of the website.
The legal basis for the processing of these data is our legitimate interest to offer you to visit our site cf. Art. 6 No. 1 lit. f GDPR.
These data will not be combined with other data sources. After use for the above purposes, the data are erased by GBIF after 30 days.
3. General Treatment of Personally-Identifying Information
Certain visitors to GBIF’s sites can choose to interact with GBIF in ways that require GBIF to gather personal data. The amount and type of information that GBIF gathers depends on the nature of the interaction.
For example, we ask visitors who send a message to our Help Desk, requesting assistance, to provide an email address. GBIF collects such information only insofar as is necessary or appropriate to fulfil the purpose of the visitor’s interaction with GBIF. GBIF does not disclose personal data other than as described in the Protection of Information section below. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain activities.
For more information, please read the following sections on data processing, in which further details are provided.
4. Cookies and similar technologies
4.1 Purposes and legal basis
When you use our website, cookies are stored on your computer. Cookies are small text data files which are stored on your hard drive and attributed to the browser you are using and with which the place which sets the cookie (in this case, us) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. They serve the purpose of making the internet offering in general more user friendly and effective.
We use so-called technically necessary cookies on our website. Technically necessary cookies are cookies that are necessary for our website to function correctly. They help to make our website usable by enabling basic functions such as page navigation and access to secure areas of the website.
The legal basis for the use of technically necessary cookies is Art. 6 No. 1 lit. f GDPR.
The legal basis for the collection of information for analytical purposes is your consent cf. Art. 6 No. 1 lit. a GDPR.
You may at any time change your consent by clicking here.
4.2 How to block and delete cookies and similar technologies
You can also prevent the storage of cookies with a corresponding setting in your browser software. If you prevent the storage of cookies, we wish to point out that you may not be able to fully use this website. You can also delete cookies which have been set in your browser. Please visit the website of your browser provider to find information on blocking and deleting cookies.
You can also prevent the collection of the data produced by the cookie that relates to your use of the website (including your IP address) with regard to Google as well as the processing of these data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout.
The lifetime of cookies may vary. We use session cookies which are deleted at the end of a session when you close your browser. We also use persistent cookies which will remain on your device until the expiry of a predefined validity period or until you choose to delete them yourself.
4.3 Detailed information on the cookies and similar technologies used on this website
|Technically necessary||GBIF||Technically Necessary||Session cookies are deleted when you close your browser.|
|Consent (local storage)||GBIF||Technically Necessary||Removed on demand|
|Google Analytics||Google Ireland Ltd||Statistics||13 months|
5. Using GBIF’s Help Desk
If you send a message to our Help Desk a “ticket” along with your email may be logged in our ticketing system. GBIF will keep details provided during a support conversation private. From time to time GBIF may add your email to an appropriate mailing list for additional information. Individuals may remove themselves from mailings by following the unsubscribe link provided in every GBIF email.
The legal basis for processing personal data for Help Desk purposes is our legitimate interest to respond to your requests cf. Art. 6 No. 1 lit. f GDPR.
6. Aggregated Statistics
GBIF may, with the visitor’s prior consent, collect statistics about the behaviour of visitors to its website. For instance, GBIF may monitor the most popular pages, support articles, and blog posts on the site. GBIF may display this information publicly or provide it to others. However, GBIF does not disclose personal data other than described in the Protection of Information section below.
The legal basis for processing personal data for statistical purposes is your consent cf. Art. 6 No. 1 lit. a GDPR.
7. Disclosure and transfer of your data
GBIF discloses personal data only to those of its employees, contractors and affiliated organizations i) that need to know that information in order to process it on GBIF’s behalf or to provide services available at GBIF’s websites, and ii) have agreed to comply with current privacy regulations.
GBIF will not rent or sell personal data to anyone. Other than to its employees, contractors and affiliated organizations, as described above, GBIF discloses personal data only in response to a court order or other governmental request, or when GBIF believes in good faith that disclosure is reasonably necessary to protect the property or rights of GBIF, third parties or the public at large.
To allow for transfer of data to Google in the US, GBIF and Google have entered into Standard Contractual Clauses approved by the European Commission which give personal data essentially equivalent protection as it has in Europe.
GBIF uses the Global Biodiversity Information Facility (GBIF) as a data processor for the purposes of technical hosting of the website.
Data processors may not use personal data for other purposes than to fulfil the agreement with us and are under a duty of confidentiality with regard to such data. We have entered into written data processor agreements with all data processors that process personal data on our behalf.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
9. Your rights
According to the GDPR, you are entitled to the following rights against GBIF as a data subject:
Right of access (Art. 15 GDPR): You have the right to receive information on the information we are processing on you and for what purposes etc. You also have the right to request a copy of your personal data.
Right to rectification (Art. 16 GDPR): You have the right to have incorrect personal data corrected.
Right to erasure (Art. 17 GDPR): In addition, you have the right to demand that your personal data is deleted if further processing is no longer necessary, if processing is unlawful or if you have withdrawn your consent.
Right to restriction of processing (Art. 18 GDPR): Under certain circumstances you have the right to have the processing of your personal data restricted, i.e. to prevent further processing for the time being.
Right to data portability (Art. 20 GDPR): You may have the right to receive your personal data in a machine-readable format in order to forward it or have it forwarded to another controller.
Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing of your personal data that is based on our legitimate interests.
Right to withdraw consent: You have the right to withdraw a consent you have given to us for a specific processing activity at any time.
If you wish to exercise any of these rights, please send us an email at: email@example.com
In addition, you are entitled to lodge a complaint regarding the handling of your personal data with a supervisory authority.