Privacy policy


This data protection declaration applies to the central website of the University of Erfurt, accessible at "". In addition, this supplemental privacy policy applies to the University Library pages. For other websites at or other data protection conditions apply. These are listed there separately.



Verwaltungsgebäude / Raum 1.40

Data Protection Officer

Anabell Köhler
Data protection officer
(University of Erfurt)
C16 - Universitätsbibliothek / 045
Deputy Data Protection Officer
(University of Erfurt)
C07 - Lehrgebäude 2 / Raum 130d

General information on data processing

Scope of processing

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Lawful basis

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

The legal basis is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG and §16 ThürDSG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Erasure and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.


Stored information

The University of Erfurt automatically collects and stores information in its server log files that your browser sends to us. These are:

  • Browser type/ -version
  • Operating system used
  • Website from which the access takes place (referrer)
  • Host name of the requesting computer (IP address)
  • Date and time of the server request
  • Name and URL of the retrieved data
  • Amount of data transmitted
  • Message whether the call was successful (http status code)

The University of Erfurt cannot assign this data to specific persons. It is used for evaluation purposes to ensure system security and stability, to detect misuse and to ensure that our website is easy to use. This data is not merged with other data sources, and the data is regularly deleted after statistical evaluation. The data will not be passed on to third parties.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR.


This site uses SSL encryption for security reasons and to protect the transmission of all content.

You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the adress line of your browser.


Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. Cookies serve to increase the functionality and comfort of the website for you.

The use of our website is normally possible without cookies. Only if you log in to an access-protected area of the website will a personalised database entry be generated, consisting of session ID, anonymised IP address, time stamp, user ID and session data, which is deleted when you log out. Only the last timestamp is stored permanently. A personalized cookie is also created, which is usually deleted when the browser is closed completely.

For backend editors, a function cookie is created when logging in to the backend, which is deleted again when logging out of TYPO3.

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. Example Firefox



In addition to this website, the University of Erfurt has also made appearances at

  •     Facebook
  •     Twitter
  •     Instagram
  •     Xing

The corresponding information on responsibility and data protection can be found at the respective sites. To Facebook: Usage concept and data protection information of the University of Erfurt

Website analysis with Matomo without cookies

This website uses the open source tool Matomo. The legal basis is our legitimate interest according to Art. 6 para. 1 lit.f to enable a needs-based design of the website. No cookies are set, instead we use key data that the browser sends to us. When calling up the pages, your data is immediately anonymised. A recognition of the website visitors is excluded. A purely statistical count of page views is made. The Matomo data protection declaration can be found at If you have set the "Do Not Track" option in your browser, Matomo will not store or process any of the data of your website visit.

Alternatively, you can use the opt-out shown below.



Contact form and e-mail contact

On the University of Erfurt's website there are simple contact forms which can be used for electronic communication. The data entered in the input mask is transmitted. Your consent is obtained for the processing of the data during the sending process and reference is made to this data protection declaration. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR.

Alternatively, you can contact us at any time using the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties.

The legal basis for the processing is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks. The communication of further information by you is voluntary based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be used exclusively for the processing of the conversation. The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended.

Integration of videos and podcasts


Editors can have the content of the pages translated automatically in the backend via the DeepL-Pro interface. The transmission of the texts (partly with personal data to third parties) to DeepL is exclusively encrypted. The texts are only stored there temporarily for translation and only in the working memory. The University has concluded an order processing contract with DeepL.

    You can find the data protection information from DeepL at

Youtube, Vimeo

Videos (Youtube, Vimeo) on our pages are only integrated as still images with an embedded link. No data is transferred to third parties until clicking on the still image. Only when player and video load will data be transmitted to:

  •     Youtube/Google : Information on data protection can be found under Google Privacy.
  •     Vimeo :   Information can be found under Vimeo Privacy.

Spotify, Anchor, Podigee

For more information, please see the Spotify; Anchor/ Spotify; Podigee privacy policy.


On some of our pages you will find 360°models of buildings of the University. For this offer we use the service of the company Matterport.
By actively clicking on the model still image, you give your consent in accordance with Art. 6 Para. 1 lit. a DSGVO to the forwarding to the Matterport site and to the data exchange that this triggers.
When using this service, personal data is collected by Matterport and, since Matterport is based in America, also transmitted to the USA and processed there. This involves the following data: Your IP address, browser version and displaying device, origin and destination URL, possibly location data and the ID of the respective 3D tour.
You must be aware that by using the service you also enable the setting of cookies by Matterport. We have no influence on this data transmission and the setting of cookies by Matterport. However, we would like to inform you about this:

The provider of the service is Matterport, Inc, 352 E. Java Dr., Sunnyvale, CA 94089, with its registered office in the USA.

  •     Cookie Policy of Matterport
  •     Information on data processing (Privacy Policy)
  •     Legal basis for data processing in the USA: According to its own information, Matterport has committed itself to the EU's Standard Contractual Clauses (SCC) to ensure adequate protection when transferring data outside the EEA. However, we would like to point out that even these recognised standard contractual clauses cannot protect against access to the data by US authorities that is permitted under US law.


On some pages you will find maps from Open Street Map.

Data protection information from OpenStreetMap


Your data protection rights

1. Right of access

You can request confirmation from the controller as towhether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  •      the purposes of the processing
  •      the categories of personal data concerned
  •      the recipients or categories of recipients to whom the personal data have been or will be disclosed
  •     envisaged period for whicht the personal data will be stored. If it is not possible to give specific details, criteria used to determine that period
  •     the existence of the right of rectification, erasure or restriction,  the right to object to such processing
  •     the existence of a right to lodge a complaint to a supervisory authority;
  •     any available information as to the source of the data where the personal data are not collected from the data subject

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.


2. Right to rectification

You have the right to ask the controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction without delay.


3. Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:


  •     if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data
  •     the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data
  •     the controller no longer needs the personal data for the purposes of the processing, but you need the personal data in order to assert, exercise or defend legal claims
  •     if you have lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction of processing is lifted.


4. Right to erasure (‘right to be forgotten’)

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

  •     the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
  •     you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 letter a or Art. 9 para. 2 letter a GDPR and there is no other legal basis for the processing.
  •     You object to the processing pursuant to Art. 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Paragraph 2 GDPR
  •     The personal data concerning you have been processed unlawfully
  •     The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  •     The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the DSGVO.

Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 GDPR, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.


5. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f GDPR.

The controller will no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.



6. Lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority. In the Land of Thuringia, this is the Thuringia State Commissioner for Data Protection and Freedom of Information ('TLfDI').