Disclaimer

Details
I. At a Glance

DEAL Open Access Services (DEAS) gGmbH places great importance on the protection and security of personal data. We comply with the relevant provisions of data protection laws, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

In the following, we would like to inform you in detail about the use of your data when visiting our websites and inform you about your options and rights under data protection laws.

II. General Information and Mandatory Information

1) Responsible Party

Responsible for the processing of your data is:

DEAL Open Access Services (DEAS) gGmbH

Landsberger Str. 346

80687 Munich

Germany

Email: mailcontact [at] deal-oa-services [dot] de

2) Contact for Data Protection Questions

DEAL Open Access Services (DEAS) gGmbH is not legally required to appoint a data protection officer. However, we are always available to answer any questions you may have about data protection using the contact details provided in II. 1).

3) Hosting

Our website is hosted on servers in Germany. The hosting provider is:

DomainFactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany

The servers are located within the European Union (Germany) and are therefore subject to an adequate level of data protection in accordance with the GDPR. The hosting provider processes data exclusively on our behalf and is contractually obligated to comply with data protection regulations (data processing agreement in accordance with Art. 28 GDPR).

Further information on data protection at DomainFactory can be found at: https://www.df.eu/de/datenschutz/

III. Description and Scope of Data Processing

1) Provision of the Website and Log Files

Each time our website is accessed, our system (i.e., the web server) automatically collects information from the system of your computer or device.

The following data is collected:

- Information about the browser type and version used
- The operating system of the device
- The Internet service provider
- The IP address
- Date and time of access
- The previous website from which the user accessed our website (referrer URL)

a) Purpose of Data Processing

The temporary storage of your IP address by our system is necessary to enable delivery of the website to your device. For this purpose, the IP address of the device must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in so-called log files is carried out to ensure the functionality of our website. In addition, this data serves to optimize the website and to ensure the security of our information technology systems (e.g., for attack detection).

b) Legal Basis

The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 subpara. 1 lit. f GDPR (our legitimate interests as a website operator in the secure, trouble-free and legally compliant provision of the website).

c) Storage Duration

The above-mentioned data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storing data in log files, this is generally the case after no more than 30 days. Storage beyond this period is possible. In this case, the user's IP address is deleted or anonymized by us, so that assignment to the calling client is no longer possible and the data contained no longer contains any personal reference.

IV. Use of Cookies

1) What are Cookies?

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

2) Cookiebot - Cookie Consent Management

To manage cookie consents and provide information about cookies used, we use the Cookiebot service from Cybot A/S (now Usercentrics A/S), Havnegade 39, 1058 Copenhagen, Denmark.

Cookiebot automatically scans our website for cookies used and enables the legally compliant collection and management of user consents. The following data is processed:

- Your IP address (anonymized)
- Your consent decisions
- Date and time of your visit
- Browser and device information
- The URL you visited

Purpose: Legally compliant collection and documentation of cookie consents in accordance with GDPR
Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation) in conjunction with Art. 6 para. 1 lit. f GDPR (legitimate interest in legally compliant website design)
Data Transfer: Denmark (adequate level of protection within the EU)
Further Information: https://www.cookiebot.com/en/privacy-policy/

3) Cookies We Use

We use the following cookies on our website:

a) Technically Necessary Cookies

CookieConsent

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party Cookie)
Purpose: Stores your consent status for cookies on the current domain. This cookie is necessary to document your cookie preferences and take them into account during future visits.
Cookie Type: HTTP Cookie
Storage Duration: 1 year
Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation to document consent according to Art. 7 para. 1 GDPR)
Data Transfer: Germany (adequate level of protection within the EU)

hex

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party Cookie)
Purpose: Used to manage server requests to the website backend. This session cookie is technically necessary for the proper functioning of the website and communication between your browser and our server.
Cookie Type: HTTP Session Cookie
Storage Duration: Session (automatically deleted when the browser is closed)
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical functionality and security of the website)
Data Transfer: Germany (adequate level of protection within the EU)

animated / animated-innerpage

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party)
Purpose: HTML Local Storage for controlling animations on the website. Technically necessary for the correct display of visual effects.
Type: HTML Local Storage
Storage Duration: Session
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the proper display of the website)
Data Transfer: Germany (adequate level of protection within the EU)

sppbActiveColorMode

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party)
Purpose: Stores the user's selected color mode preference (e.g., light/dark mode) for the SP Page Builder template.
Type: HTML Local Storage
Storage Duration: Persistent
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in providing user preferences)
Data Transfer: Germany (adequate level of protection within the EU)

1.gif (Usercentrics Pixel)

Provider: Usercentrics (img.sct.eu1.usercentrics.eu)
Purpose: Used to count the number of sessions to the website, necessary for optimizing CMP product delivery (Consent Management Platform).
Type: Pixel Tracker
Storage Duration: Session
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical functionality of the Consent Management System)
Data Transfer: Ireland (adequate level of protection within the EU)

4) Your Options Regarding Cookies

You can configure your browser to be informed about the setting of cookies and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

The cookies we use are technically necessary for the operation of the website. Therefore, objecting to these cookies is not possible without impairing the functionality of the website.

You can change the status of your consent at any time by clicking on the black, round button at the bottom left of our website.

5) Website Analytics (Matomo)

We use the open-source web analytics service Matomo.

a) Purpose of Processing

We use Matomo to analyze the use of our website and implement regular improvements. The statistics obtained allow us to optimize our offering and make it more interesting for you as a user.

If you have given your consent, our system collects the following data and information from the computer system of the calling computer:

- IP address, anonymized by shortening
- Two cookies to distinguish different visitors (pk_id and pk_sess)
- Previously visited URL (referrer), if transmitted by the browser
- Name and version of the operating system
- Name, version and language settings of the browser

Additionally, if JavaScript is activated:

- Visited URLs on this website
- Times of page views
- Type of HTML requests
- Screen resolution and color depth
- Technologies and formats supported by the browser (e.g., cookies, Java, Flash, PDF)

The storage and evaluation of data is carried out exclusively on a central server operated by DEAS gGmbH in Germany.

Only anonymized data is stored and evaluated using Matomo technology. IP addresses are anonymized immediately after processing and before storage. They do not allow identification of visitors to this website. Your data is generally not shared with third parties. Matomo uses cookies. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to a website and is not merged with personal data about the bearer of the pseudonym.

b) Legal Basis

The legal basis for the use of Matomo is Art. 6 para. 1 subpara. 1 lit. a GDPR (your consent, which you have declared via our consent banner). You can revoke this consent at any time with effect for the future.

c) Storage Duration

The collected data is deleted immediately after its purpose has been fulfilled.

d) Revocation of Consent

Of course, you have the option to revoke your consent to this data collection at any time with effect for the future. Data already legally collected until the revocation is not affected by this. You have the following independent options to prevent data collection by the central server:

- Activate the "Do-Not-Track" setting in your browser. As long as this setting is active, our central Matomo server will not store any data from you. Important: The Do-Not-Track instruction generally only applies to the one device and browser in which you activate the setting. If you use multiple devices/browsers, you must activate Do-Not-Track separately everywhere.
- You can change the status of your consent at any time by clicking on the black, round button at the bottom left of our website.

V. Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to:

  • pursuant to Art. 15 GDPR, request information about your personal data processed by us. This includes the processing purposes, the categories of personal data, the categories of recipients of the data, the planned storage period, the origin of your data, as well as the existence of automated decision-making including profiling;
  • pursuant to Art. 16 GDPR, request the correction of inaccurate personal data or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR, request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR, request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you refuse to have your data deleted, and in cases where we no longer need your data but you need it to assert legal claims. A restriction of processing is also carried out if you have objected to processing but it has not yet been determined whether our legitimate interests outweigh yours;
  • pursuant to Art. 20 GDPR, receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
  • pursuant to Art. 7 para. 3 GDPR, revoke consent given to us at any time. The lawfulness of data processing carried out until revocation remains unaffected by the revocation;
  • pursuant to Art. 21 GDPR, object to the processing of your personal data. If the processing of your data is based on the legitimate interest of DEAL Open Access Services (DEAS) gGmbH or third parties and your objection is based on your particular situation, we will comply unless there are compelling grounds for processing that override your interests, or if we need your data to assert legal claims;
  • pursuant to Art. 77 GDPR, file a complaint with a supervisory authority.

If you believe that we have not adequately complied with your rights and our obligations under the General Data Protection Regulation, you have the right to file a complaint with a data protection authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

---

Last updated: November 2025