I. At a Glance

DEAL Open Access Services (DEAS) gGmbH places great importance on the protection and security of personal data. We comply with the relevant provisions of the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR).

In the following, we would like to inform you in detail about the use of your data when visiting our websites and inform you about your options and rights under data protection laws.

II. General Information and Mandatory Information

1) Responsible Party

Responsible for the processing of your data is:

DEAL Open Access Services (DEAS) gGmbH

Landsberger Str. 346

80687 Munich

Germany

Email: mailcontact [at] deal-oa-services [dot] de

2) Contact for Data Protection Questions

DEAL Open Access Services (DEAS) gGmbH is not legally required to appoint a data protection officer. However, we are always available to answer any questions you may have about data protection using the contact details provided in II. 1).

3) Hosting

Our website is hosted on servers in Germany. The hosting provider is:

DomainFactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany

The servers are located within the European Union (Germany) and are therefore subject to an adequate level of data protection in accordance with the GDPR. The hosting provider processes data exclusively on our behalf and is contractually obligated to comply with data protection regulations (data processing agreement in accordance with Art. 28 GDPR).

Further information on data protection at DomainFactory can be found at: https://www.df.eu/de/datenschutz/

III. Description and Scope of Data Processing

1) Provision of the Website and Log Files

Each time our website is accessed, our system (i.e., the web server) automatically collects information from the system of your computer or device.

The following data is collected:

- Information about the browser type and version used
- The operating system of the device
- The Internet service provider
- The IP address
- Date and time of access
- The previous website from which the user accessed our website (referrer URL)

a) Purpose of Data Processing

The temporary storage of your IP address by our system is necessary to enable delivery of the website to your device. For this purpose, the IP address of the device must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in so-called log files is carried out to ensure the functionality of our website. In addition, this data serves to optimize the website and to ensure the security of our information technology systems (e.g., for attack detection).

b) Legal Basis

The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 subpara. 1 lit. f GDPR (our legitimate interests as a website operator in the secure, trouble-free and legally compliant provision of the website).

c) Storage Duration

The above-mentioned data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storing data in log files, this is generally the case after no more than 30 days. Storage beyond this period is possible. In this case, the user's IP address is deleted or anonymized by us, so that assignment to the calling client is no longer possible and the data contained no longer contains any personal reference.

IV. Use of Cookies

1) What are Cookies?

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

2) Cookiebot - Cookie Consent Management

To manage cookie consents and provide information about cookies used, we use the Cookiebot service from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Cookiebot automatically scans our website for cookies used and enables the legally compliant collection and management of user consents. The following data is processed:

- Your IP address (anonymized)
- Your consent decisions
- Date and time of your visit
- Browser and device information
- The URL you visited

Purpose: Legally compliant collection and documentation of cookie consents in accordance with GDPR
Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation) in conjunction with Art. 6 para. 1 lit. f GDPR (legitimate interest in legally compliant website design)
Data Transfer: Denmark (adequate level of protection within the EU)
Further Information: https://www.cookiebot.com/en/privacy-policy/

3) Cookies We Use

We only use technically necessary cookies on our website:

a) CookieConsent

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party Cookie)
Purpose: Stores your consent status for cookies on the current domain. This cookie is necessary to document your cookie preferences and take them into account during future visits.
Cookie Type: HTTP Cookie
Storage Duration: 1 year
Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation to document consent according to Art. 7 para. 1 GDPR)
Data Transfer: Germany (adequate level of protection within the EU)

b) hex

Provider: DEAL Open Access Services (DEAS) gGmbH (First-Party Cookie)
Purpose: Used to manage server requests to the website backend. This session cookie is technically necessary for the proper functioning of the website and communication between your browser and our server.
Cookie Type: HTTP Session Cookie
Storage Duration: Session (automatically deleted when the browser is closed)
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical functionality and security of the website)
Data Transfer: Germany (adequate level of protection within the EU)

4) Your Options Regarding Cookies

You can configure your browser to be informed about the setting of cookies and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

The cookies we use are technically necessary for the operation of the website. Therefore, objecting to these cookies is not possible without impairing the functionality of the website.

V. Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to:

• pursuant to Art. 15 GDPR, request information about your personal data processed by us. This includes the processing purposes, the categories of personal data, the categories of recipients of the data, the planned storage period, the origin of your data, as well as the existence of automated decision-making including profiling;
• pursuant to Art. 16 GDPR, request the correction of inaccurate personal data or completion of your personal data stored by us;
• pursuant to Art. 17 GDPR, request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 GDPR, request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you refuse to have your data deleted, and in cases where we no longer need your data but you need it to assert legal claims. A restriction of processing is also carried out if you have objected to processing but it has not yet been determined whether our legitimate interests outweigh yours;
• pursuant to Art. 20 GDPR, receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
• pursuant to Art. 7 para. 3 GDPR, revoke consent given to us at any time. The lawfulness of data processing carried out until revocation remains unaffected by the revocation;
• pursuant to Art. 21 GDPR, object to the processing of your personal data. If the processing of your data is based on the legitimate interest of DEAL Open Access Services (DEAS) gGmbH or third parties and your objection is based on your particular situation, we will comply unless there are compelling grounds for processing that override your interests, or if we need your data to assert legal claims;
• pursuant to Art. 77 GDPR, file a complaint with a supervisory authority.

If you believe that we have not adequately complied with your rights and our obligations under the General Data Protection Regulation, you have the right to file a complaint with a data protection authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

---

Last updated: November 2025