General information on data processing
Scope of processing
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
The legal basis is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG and §16 ThürDSG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Erasure and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
The University of Erfurt automatically collects and stores information in its server log files that your browser sends to us. These are:
- Browser type/ -version
- Operating system used
- Website from which the access takes place (referrer)
- Host name of the requesting computer (IP address)
- Date and time of the server request
- Name and URL of the retrieved data
- Amount of data transmitted
- Message whether the call was successful (http status code)
The University of Erfurt cannot assign this data to specific persons. It is used for evaluation purposes to ensure system security and stability, to detect misuse and to ensure that our website is easy to use. This data is not merged with other data sources, and the data is regularly deleted after statistical evaluation. The data will not be passed on to third parties.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR.
This site uses SSL encryption for security reasons and to protect the transmission of all content.
You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the adress line of your browser.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. Cookies serve to increase the functionality and comfort of the website for you.
The use of our website is normally possible without cookies. Only if you log in to an access-protected area of the website will a personalised database entry be generated, consisting of session ID, anonymised IP address, time stamp, user ID and session data, which is deleted when you log out. Only the last timestamp is stored permanently. A personalized cookie is also created, which is usually deleted when the browser is closed completely.
For backend editors, a function cookie is created when logging in to the backend, which is deleted again when logging out of TYPO3.
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. Example Firefox
In addition to this website, the University of Erfurt has also made appearances at
The corresponding information on responsibility and data protection can be found at the respective sites. To Facebook: Usage concept and data protection information of the University of Erfurt
Website analysis with Matomo without cookies
This website uses the open source tool Matomo. The legal basis is our legitimate interest according to Art. 6 para. 1 lit.f to enable a needs-based design of the website. No cookies are set, instead we use key data that the browser sends to us. When calling up the pages, your data is immediately anonymised. A recognition of the website visitors is excluded. A purely statistical count of page views is made. The Matomo data protection declaration can be found at matomo.org/privacy-policy/. If you have set the "Do Not Track" option in your browser, Matomo will not store or process any of the data of your website visit.
Alternatively, you can use the opt-out shown below.
Contact form and e-mail contact
On the University of Erfurt's website there are simple contact forms which can be used for electronic communication. The data entered in the input mask is transmitted. Your consent is obtained for the processing of the data during the sending process and reference is made to this data protection declaration. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR.
Alternatively, you can contact us at any time using the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties.
The legal basis for the processing is Art. 6 para. 1 lit. e GDPR in connection with § 5 ThürHG, if the processing of the personal data provided by you is necessary for the processing of your request within the scope of the fulfilment of our tasks. The communication of further information by you is voluntary based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data will be used exclusively for the processing of the conversation. The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended.
Integration of videos and podcasts
Editors can have the content of the pages translated automatically in the backend via the DeepL-Pro interface. The transmission of the texts (partly with personal data to third parties) to DeepL is exclusively encrypted. The texts are only stored there temporarily for translation and only in the working memory. The University has concluded an order processing contract with DeepL.
You can find the data protection information from DeepL at https://www.deepl.com/privacy.
Videos (Youtube, Vimeo) on our pages are only integrated as still images with an embedded link. No data is transferred to third parties until clicking on the still image. Only when player and video load will data be transmitted to:
Spotify, Anchor, Podigee
On some of our pages you will find 360°models of buildings of the University. For this offer we use the service of the company Matterport.
By actively clicking on the model still image, you give your consent in accordance with Art. 6 Para. 1 lit. a DSGVO to the forwarding to the Matterport site and to the data exchange that this triggers.
When using this service, personal data is collected by Matterport and, since Matterport is based in America, also transmitted to the USA and processed there. This involves the following data: Your IP address, browser version and displaying device, origin and destination URL, possibly location data and the ID of the respective 3D tour.
You must be aware that by using the service you also enable the setting of cookies by Matterport. We have no influence on this data transmission and the setting of cookies by Matterport. However, we would like to inform you about this:
The provider of the service is Matterport, Inc, 352 E. Java Dr., Sunnyvale, CA 94089, with its registered office in the USA.
- Legal basis for data processing in the USA: According to its own information, Matterport has committed itself to the EU's Standard Contractual Clauses (SCC) to ensure adequate protection when transferring data outside the EEA. However, we would like to point out that even these recognised standard contractual clauses cannot protect against access to the data by US authorities that is permitted under US law.
On some pages you will find maps from Open Street Map.
Data protection information from OpenStreetMap