Privacy policy

 

This data protection declaration applies to the central website of the University of Erfurt, accessible at "www.uni-erfurt.de". For other websites at projekte.uni-erfurt.de/ or www2.uni-erfurt.de/ other data protection conditions apply. These are listed there separately.

 

Controller

Data Protection Officer

Ute Winter
Datenschutzbeauftragte
Kommunikations- und Informationszentrum (KIZ) / Raum 1.21

General information on data processing

Scope of processing

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Lawful basis

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

The legal basis is Art. 6 para. 1 lit. e GDPR in connection with § 11 ThürHG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Erasure and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

 

Stored information

The University of Erfurt automatically collects and stores information in its server log files that your browser sends to us. These are:

  • Browser type/ -version
  • Operating system used
  • Website from which the access takes place (referrer)
  • Host name of the requesting computer (IP address)
  • Date and time of the server request
  • Name and URL of the retrieved data
  • Amount of data transmitted
  • Message whether the call was successful (http status code)

The University of Erfurt cannot assign this data to specific persons. It is used for evaluation purposes to ensure system security and stability, to detect misuse and to ensure that our website is easy to use. This data is not merged with other data sources, and the data is regularly deleted after statistical evaluation. The data will not be passed on to third parties.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR.

Encryption

This site uses SSL encryption for security reasons and to protect the transmission of all content.

You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the adress line of your browser.

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. Cookies serve to increase the functionality and comfort of the website for you.

The use of our website is normally possible without cookies. Only if you log in to an access-protected area of the website will a personalised database entry be generated, consisting of session ID, anonymised IP address, time stamp, user ID and session data, which is deleted when you log out. Only the last timestamp is stored permanently. A personalized cookie is also created, which is usually deleted when the browser is closed completely.

For backend editors, a function cookie is created when logging in to the backend, which is deleted again when logging out of TYPO3.

Matomo is used for reach measurement (web statistics). Matomo sets a cookie that allows the evaluation of visitor behaviour (see below).

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. Example Firefox

You can also adjust the cookie settings for this website:

Matomo analytics

This website uses Matomo to analyse user flows and measure reach. Matomo is Open Source. The obtained information is used to evaluate the use of the website and to enable a demand-oriented design of our website. For this purpose, a cookie is set on the user's computer after consent by the user (opt-in).

The following data will be stored:

  •     2 bytes of the IP address of the user's calling system
  •     the website accessed
  •     the website from which the user has reached the page called up (referrer)
  •     the subpages that are called from the called web page
  •     the time spent on the website
  •     the frequency with which the website is accessed

The legal basis is your consent in accordance with Art. 6 Para. 1 letter e GDPR.

The data is stored in the cloud at the French provider Matomo. The privacy policy of Matomo can be found at https://matomo.org/privacy-policy/.

The data will be deleted as soon as they are no longer required for our purposes, at the latest after 365 days.

Contact form and e-mail contact

On the University of Erfurt's website there are simple contact forms which can be used for electronic communication. The data entered in the input mask is transmitted. Your consent is obtained for the processing of the data during the sending process and reference is made to this data protection declaration. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR.

Alternatively, you can contact us at any time using the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties.

The legal basis for the processing is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks. The communication of further information by you is voluntary based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be used exclusively for the processing of the conversation. The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended.

Integration of videos (Youtube and Vimeo)

Videos on our pages are only integrated as still images with an embedded link. No data is transferred to third parties until clicking on the still image. Only when player and video load will data be transmitted to:

  •     Youtube/Google : Information on data protection can be found under Google Privacy.
  •     Vimeo :   Information can be found under Vimeo Privacy.

 

Social-Media

In addition to this website, the University of Erfurt has also made appearances at

 

  •     Facebook
  •     Twitter
  •     Instagram
  •     Xing

The corresponding information on responsibility and data protection can be found at the respective websites.

Translated with assisstance of www.DeepL.com/Translator (free version)

Your data protection rights

1. Right of access

You can request confirmation from the controller as towhether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  •      the purposes of the processing
  •      the categories of personal data concerned
  •      the recipients or categories of recipients to whom the personal data have been or will be disclosed
  •     envisaged period for whicht the personal data will be stored. If it is not possible to give specific details, criteria used to determine that period
  •     the existence of the right of rectification, erasure or restriction,  the right to object to such processing
  •     the existence of a right to lodge a complaint to a supervisory authority;
  •     any available information as to the source of the data where the personal data are not collected from the data subject

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

 

2. Right to rectification

You have the right to ask the controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction without delay.

 

3. Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

 

  •     if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data
  •     the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data
  •     the controller no longer needs the personal data for the purposes of the processing, but you need the personal data in order to assert, exercise or defend legal claims
  •     if you have lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction of processing is lifted.

 

4. Right to erasure (‘right to be forgotten’)

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

  •     the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
  •     you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 letter a or Art. 9 para. 2 letter a GDPR and there is no other legal basis for the processing.
  •     You object to the processing pursuant to Art. 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Paragraph 2 GDPR
  •     The personal data concerning you have been processed unlawfully
  •     The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  •     The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the DSGVO.

Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 GDPR, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

 

5. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f GDPR.

The controller will no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

 

 

6. Lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority. In the Land of Thuringia, this is the Thuringia State Commissioner for Data Protection and Freedom of Information ('TLfDI').