Data Protection Declaration

The Animal Study Registry (ASR) is a service provided by the German Federal Institute for Risk Assessment (BfR).

The BfR attaches great importance to the responsible handling of personal data. We want users to know when which data is collected and used by the BfR.

The BfR operates a website under the domain www.animalstudyregistry.org. On this website, researchers have the possibility to preregister their animal experiments to increase transparency and reproducibility of biomedical research. At the same time, the Animal Study Registry shall give the scientific community the possibility to retrieve information about the preregistered studies. We only process personal data to the necessary extent. The basis on which different data is processed depends on the purpose for which the data is required.


1. Who is responsible for data processing and who can I contact?

The German Federal Institute for Risk Assessment is responsible for processing your data in line with Art. 4 No. 7 GDPR. You can find our contact details below:

German Federal Institute for Risk Assessment (BfR)
Max-Dohrn-Str. 8-11
10589 Berlin
Tel.: 0049 (0)30-18412-0
Fax: 0049 (0)30-18412-4741
E-mail: poststelle@bfr.bund.de
http://www.bfr.bund.de/en

If you have questions about the processing of your data or about data protection, please contact our Data Protection Officer:

Christin Weigel
German Federal Institute for Risk Assessment
Max-Dohrn-Str. 8-10
10589 Berlin
E-mail: dsb@bfr.bund.de



2. On which legal basis do we process your personal data?

At the BfR, personal data is processed in accordance with the European General Data Protection Regulation (GDPR), the German Telemedia Act (TMG) and the German Federal Data Protection Act (BDSG).

Provided the BfR obtains consent from the person concerned to process their personal data, Art. 6 Para. 1 lit. a GDPR serves as the legal basis. Consent can be revoked at any time with future effect. This also applies to revoking consent that was given to us before the GDPR came into effect, i.e. before 25 May 2018.

If personal data required to fulfil a contract is processed where the contract party is the person concerned, Art. 6 Para. 1 lit. b GDPR serves as the legal basis in the individual case. This also applies to processing that is required to perform pre-contractual measures.

If personal data needs to be processed in an individual case in order to fulfil a legal obligation, Art. 6 Para. 1 lit. c GDPR also serves as the legal basis in conjunction with the relevant legislation from which the legal obligation arises.

In the rare case that vital interests of the person concerned or another individual necessitate processing of personal data, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

The BfR processes personal data during performance of its tasks in the public interest. The public tasks of the BfR include in particular the tasks and activities assigned to it according to the BfR law (BfRG). The legal basis of the processing here is Art. 6 Para. 1 lit. e of the GDPR in conjunction with the relevant provisions of the BfRG, in particular ยง 2 BfRG.

Where necessary, we also process your data for protection of our own justified interests or those of third parties. Examples may include enforcement of legal claims and defence in legal disputes, guaranteeing IT security and IT operation of the BfR, PR work of the BfR or the prevention of crimes, etc. In such cases, Art. 6 Para. 1 lit. f GDPR serves as the legal basis.


4. Which personal data is collected and processed while using the ASR?

3.1. Registering as a user

Anyone who wants to pre-register a study in the ASR is required to create an account. In the registration process, following personal data are being collected:


The legal base for collecting the above mentioned data is a consent given by the user in the registration process according to Art. 6 Para. 1 lit. a GDPR.

3.2. Pre-registration of a study

To allow a precise identification of the person responsible for every registered study, which is crucial for transparency and credibility, following data are collected at this stage of the pre-registration process:


The legal base for collecting the above mentioned data is a consent given by the user in the process of the study registration according to Art. 6 Para. 1 lit. a GDPR.


4. Which personal data is processed in the context of visits to our website?

4.1 Data collection

Each time a user accesses our web pages and each time a file is opened, data on this process is temporarily processed in a log file on the web server.

The following data in particular is saved on each access operation/file opening:


The legal basis for temporary saving of data is Art. 6 Para. 1 lit. e and f GDPR. This data is not combined with the user's other personal data.

When using this information, the BfR does not draw conclusions about the person in question. Rather, this information is required to:


The log files are deleted after 14 days.

4.2 Cookies

Our website uses cookies. Cookies are text files that are saved in the web browser or by the web browser on the user's device. When a user accesses a web page, a cookie can be saved on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user friendly. Some elements of our website also require the accessing browser to be identifiable after a page change.

Desktop site:

Name: asr_bfr

Function:

Duration of validity: One browser session

Cookies are created when the page is loaded and deleted again when the browser is closed.

You can view with any web browser when cookies are set and what they contain. Most browsers are set in such a way that they automatically accept cookies. However, the saving of cookies can be disabled at any time or the browser can be set so that cookies are only saved for the duration of the respective connection to the internet.

If you reject all cookies, the function of the website may be impaired and it may not be possible for the service to be provided in the desired quality.

4.3 Web analysis with the analysis tool AWStats

On the basis of Art. 6 Para. 1 lit. e GDPR in conjunction with Art. 3 BDSG in the context of PR work, the BfR performs statistical evaluation of the user access operations with the AWStats analysis tool (http://www.awstats.org/). The web servers themselves are also operated directly by the BfR and log files produced are anonymised immediately. The data from the log files of the web server is analysed in an anonymised form, i.e. without identification of users based on IP addresses or other personal data. Only a small number of BfR employees have access to this analysis data.

The collection, processing and use of this data as well as its evaluation takes place solely for statistical purposes and to optimise the BfR web page contents. We use these statistics exclusively to measure activity and to improve or adjust our web pages in line with users' requirements.

When individual pages of our website are accessed, the following data is saved:

4.4 Which personal data is processed when contact is established?

Personal data is processed depending on the method of contact. We can distinguish here between contact by e-mail and contact via the contact form.

Contact by e-mail

Contact with the BfR by e-mail can be made via

If you use one of the methods of contact listed above, the data transmitted by you (e.g. first name, surname, address etc.), but at least the e-mail address, as well as the information contained in the e-mail (including any personal data provided by you) will be processed for the purposes of contacting you and handling your issue. We advise you that data processing takes place on the basis of Article 6 Paragraph 1 lit. e GDPR in conjunction with Art. 3 BDSG. It is necessary to process the personal data transmitted by you in order to handle your issue.

4.5 Which personal data is processed in the context of the use of social networks?

The BfR is active on the social networks Twitter, YouTube and Instagram. The BfR website only provides links to our Institute's presence on the respective platforms. The BfR does not save any data relevant to data protection for this purpose.


5. Is data transferred to a third country or an international organisation?

Transfer of data to countries outside of the EU or the EEA (so-called third states) only takes place if this is contractually required, prescribed by law or in the context of order data processing. If order data processors in a third country are used, these processors are contractually obliged to comply with the data protection regulations of the EU.


6. What data protection rights do I have?

The BfR guarantees you the following rights with respect to your personal data:

The restrictions according to Arts. 34 and 35 BDSG apply to the rights to information and erasure.

You can revoke consent given to us to process personal data at any time with future effect. This also applies to revoking consent that was given to us before the General Data Protection Regulation came into effect, i.e. before 25 May 2018.

You can assert the rights specified above to the BfR under support-asr@bfr.bund.de or by post to the postal address of the BfR given at the beginning of this data protection declaration.

Furthermore, you have the right to complain to the regulatory authority for data protection (German Federal Commissioner for Data Protection and Freedom of Information), cf. Art. 77 GDPR in conjunction with Art. 19 BDSG.

You can also contact the Data Protection Officer at the BfR (dsb@bfr.bund.de) with questions or complaints.


7. Changes to the data protection declaration

The BfR reserves the right to modify this data protection declaration so that it always adheres to the current legal requirements. We recommend that you read our data protection declaration regularly in order to stay up to date regarding the protection of the personal data that we collect.


Valid as of: 12.11.2018