Privacy policy
I. General Preliminary Remarks
The central web server www.uni-bremen.de together with the individual sites belonging to the University of Bremen present the University internally and externally, disseminate information and support the tasks of the university. The web presence has an independent, uniform design. However, the university institutes and Faculties have a certain freedom when it comes to the individual design of their homepages and in this context also bear their own responsibility.
II. Responsibilities and Competences
No guarantee is given for the operation or for the correctness and topicality of the information contained in the web presence. The Center for Networks at the University of Bremen is responsible for the operation of the server. The respective editors are responsible for the organization in the individual Faculties. The University Executive Board has general responsibility for content and decides in case of doubt about the admissibility of the data. The Content Management (Unit 03, Press Office) maintains the landing pages of the central website at www.uni-bremen.de. Otherwise, the departments, units, Faculties and institutions of the University are responsible for the contents they present.
I. Name and address of the person legally responsible
University
of Bremen
The University President, Prof. Dr. Jutta Günther
Bibliothekstrasse 1-3
28359 Bremen, Germany
Phone: +49 421 218-1
Email: web@uni-bremen.de
Website: www.uni-bremen.de
II. Name and address of the data protection officer:
University
of Bremen
Petra Banik
Referat 06
Bibliothekstrasse 1-3
28359 Bremen, Germany
Phone: +49 421 218-60211
Fax: +49 421 218-60210
Email: E-Mail:
pbanik@uni-bremem.de
III. General Information about Data Processing
(1) The University of Bremen takes data privacy very seriously. We process the personal
data collected when visiting our websites in full compliance with the applicable
data privacy regulations. These include, in particular, the EU General Data Protection
Regulation (DS-GVO), the Bremen Implementation Act on the EU General Data Protection
Regulation (BremDSGVOAG) and the Bremen University Law (Section 11 BremHG) and
the Telemedia Act (TMG) apply.
(2) In principle, we process personal data of our users only insofar
as this is necessary to provide a functioning website and present content and
services (see points 6 and 7). The processing of our users’ personal data takes
place only after obtaining their consent. An exception applies in cases where
prior consent is de facto not possible and the subsequent processing is permitted
by law. Any use of your personal data takes place solely for the stated purposes
and to the extent necessary to serve these purposes.
(3) Your data will
neither be published by us nor without authorization passed on to third parties.
We point out, however, that we are entitled in individual cases and on the order
of the competent bodies to provide information on collected data for law enforcement
purposes, to aid the police forces of the Länder in the prevention of risks and
the Federal Intelligence Service in fulfilling the statutory duties of the constitutional
protection authorities of the Federal Government and the Länder (legal basis
Article 6 section 1 item c DS-GVO).
In the following, we wish to inform you
about the nature, scope and purpose of the collection and use of personal data.
1. Data collection and processing when accessing from the Internet
(1) When you visit our website, our web servers automatically save each access in
a log file.
(2) This data is stored separately from other data that you
enter when using the website. It is not possible for us to assign this data to
a specific person. No storage of this data or other personal data of the user
takes place. The storage in log files serves to ensure the functionality of the
website. In addition, the data is used to optimize the website and to ensure
the security of our IT systems.
The legal basis for the temporary storage of data and log files is Article 6
section (1) item (f) DS-GVO.
The following data is recorded:
- The IP address of the requesting computer
- Date and time of access
- Access method / function desired by the requesting computer
- Name and URL of the retrieved file
- Transmitted amount of data
- Access status of the web server (file transfer, file not found, command not executed, etc.)
- The URL from which access is acquired
(3) The login for access to protected areas is partially logged in order to detect
attempts at abuse and password attacks. Thereby, no data is stored with the help
of which personal profiles could be created about the user’s behavior.
(4) The collection of such data and the storage of the data in log files is essential
for the provision and the operation of the website. There is consequently no
possibility for users to protest such use.
2. Cookies
(1) Our websites use cookies in several places. They serve to make our offer more
user-friendly and effective. Cookies are small text files that are stored by
the browser on your computer. Most of the cookies we use are so-called session
cookies (legal basis, Article 6 section 1 item f DS-GVO), which are deleted when
you end your browser session.
The following cookies are set:
- session cookies (for session detection, duration: one session)
- TYPO3 session cookie (for session detection, duration, one session)
- JavaScript cookie for sound (for audio on / off, duration: one session)
- Matomo Cookies for web analytics (see section Analysis Services)
(2) In your browser settings, you can specify whether cookies may be set or not.
3. Web analysis by Matomo (formerly PIWIK)
(1) Our website uses Matomo, which is a so-called web analysis service. Matomo uses
so-called cookies, i.e. text files that are stored on your computer and that
enable us to analyze the use of the website.
(2) For this purpose, the
usage information generated by means of the cookie (including your shortened
IP address) is transmitted to our server and stored for usage analysis purposes.
With the aid of these statistics we can improve our offer and make it more interesting
for you as a user. Your IP address will be immediately anonymized during this
process so that you remain anonymous to us as a user. The anonymization of the
IP address sufficiently takes into account the interest of users in the protection
of their personal data. The information generated by the cookie about your use
of this website will not be disclosed to third parties. You may refuse the use
of cookies by selecting the appropriate settings on your browser. However, in
that case you may not be able to use the full functionality of the website.
(3) The legal basis for the use of Matomo is Article 6 (1) item f DS-GVO.
(4) If you do not agree with the storage and evaluation of data from your visit,
then you can object to the storage with a mouse click at any time. In this case,
a so-called opt-out cookie is stored in your browser, with the result that Matomo
is no longer able to collect any session data. N.B. If you delete your cookies,
this also means that the opt-out cookie will also be deleted and may need to
be reactivated. More information about the privacy settings of the Matomo software
can be found at the following link:
https://matomo.org/docs/privacy/.
4. Data security
(1) Our technical-organizational security measures, with which we protect all data from the access of unauthorized persons, are always kept up-to-date. As far as your data is collected and recorded by us, it is stored on specially protected servers. These are protected by technical and organizational measures against loss, destruction, access, modification or distribution by unauthorized persons. Access to your data is only possible for a limited number of authorized persons. All our employees are sworn to confidentiality. Personal information is always transmitted in encrypted form. The transmitted data is stored in a database that is only accessible to administrators.
(2) We point out, however, that data transmission via the Internet (for example, when communicating by email) may be vulnerable security wise. There is no complete protection from the data being accessed by third parties.
5. Links to websites of other providers
Our Internet pages contain links (references) to external websites of third parties. Our websites may also contain links to external social networks; however, no plug-ins belonging to these networks are used. These websites are subject to the liability of the respective operator. Therefore, we cannot assume any liability for these external contents. At the time the links are included, there is no evidence of illegal contents on the respective pages. However, we have no influence on the current and future design and content of the linked sites. A permanent control of these third party sites would be unreasonable. If we become aware of a violation, we will remove the link immediately. When you leave this site, it is recommended that you carefully read the privacy policy of each website first.
6. YouTube
Our websites use an iFrame of the Google Inc. powered YouTube site. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube iFrame-equipped sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited. If you're logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The legal basis is Article 6 section 1 item f). For more information on how user data is handled, please refer to the YouTube Privacy Policy at https://www.google.de/intl/depolicies/privacy
7. Contact form
(1) If you send us inquiries via the contact form, your details from the application
form, including the contact details you provided there, will be stored in order
to process the request and in case of follow-up questions. We do not share this
data. In order to answer your questions, though, provision of your name and your
email address is mandatory.
(2) In case of your consent, the legal
basis is Article 6 (1) item a DS-GVO.
(3) The granted consent to the
storage of the email address can be revoked at any time. In order to do so, you
can contact the above mentioned addresses or send an email to the following address:
content@uni-bremen.de. In this case, all the personal data stored in the course
of making the contact will be deleted.
8. Newsletter data
(1) If you would like to receive newsletters that may be offered on the website, we need an email address from you, as well as information that allows you to verify that you are the owner of the email address provided and that you agree to the receipt of the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
(2) You may revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.
(3) Legal basis for the processing of the data after registration for the newsletter is in the case of the user’s consent Article 6 section (1) item a DS-GVO.
(4) The data will be deleted as soon as they are no longer necessary for the achievement of the purpose. The user’s email address is stored only as long as the subscription to the newsletter is active.
9. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection when the address line of the browser changes from "http: //" to "https: //" and the lock symbol appears in your browser line. When SSL encryption is enabled, it is virtually impossible for third parties to read the data you transmit to us.
IV. Rights of the Data Subject
Insofar as the University of Bremen processes the personal data you provide, you, as the person affected, are entitled in accordance with DS-GVO to the following rights:
1. Right to information (Article 15 of the DS-GVO)
You may request confirmation as to whether personal information concerning you is
being processed by us. If such processing is undertaken, you can request the
following information on:
(1) the purposes for which the personal data are
processed;
(2) the categories of personal data being processed;
(3) the recipients or the categories of recipients to whom personal data concerning
you have been disclosed or are still being disclosed;
(4) the planned
duration of the storage of your personal data or, if specific information is
not available, criteria for determining the duration;
(5) the existence of a right to rectification or erasure of personal
data concerning you (right to be forgotten), a right to restriction of processing
by the controller or a right to object to such processing;
(6) the existence
of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal
data is not collected from the data subject;
(8) the existence of automated
decision-making including profiling under Article 22 (1) and (4) of the DS-GVO
Regulation and, at least in such cases, meaningful information on the logic involved
and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information
has been communicated to a third country or an international organization. In
this connection, based on the guarantees contained in Article 46 DS-GVO you can
request to be informed of any such transmission of information.
If your personal
data is processed for scientific, historical or statistical research purposes,
the right of access may be limited to the extent that it is likely to render
the research and statistics purposes impossible or seriously impair it, and the
restriction is necessary for the purposes of research and statistics.
2. Right to rectification (Article 16 of the DS-GVO)
You have a right to rectification and / or completion vis-à-vis the controller if the personal data processed is incorrect or incomplete. The controller must make the correction without delay.
3. Right to limit processing (Article 18 of the DS-GVO)
You may request the restriction of the processing of your personal data under the
following conditions:
(1) if you contest the accuracy of your personal information for a period
of time that enables the controller to verify the accuracy of your personal information;
(2) if the processing is unlawful and you refuse to have the personal data deleted
and instead demand the restriction of the use of the personal data;
(3) if the controller no longer needs the personal data for the purposes
of processing; However, you need these to enforce your exercise or defense of
a legal claim, or
(4) if you have objected to the processing pursuant
to Article 21 section 1 DS-GVO and it is not yet certain whether the legitimate
reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted,
such data may be stored only with your consent or for the purpose of asserting,
exercising or defending legal claims or protecting the rights of another natural
person or for reasons of major public interest on the part of the European Union
or a Member State. If the processing of your data in accordance with the a.m.
conditions is restricted, you will be informed by the controller before the restriction
is lifted.
If your personal data is processed for scientific, historical
or statistical research purposes, the right of access may be limited to the extent
that it is likely to render the research and statistics purposes impossible or
seriously impaired, and the restriction is necessary for the purposes of research
and statistics.
4. Right to cancellation (Article 17 of the DS-GVO)
a) Obligation to delete
You may require the controller to delete your personal information without delay.
The controller is then obliged to delete this data immediately, provided one
of the following reasons applies:
(1) The personal data concerning you are
no longer necessary for the purposes for which they were collected or otherwise
processed.
(2) You revoke your consent to which the processing pursuant to Article
6 section (1) item (a) or Article 9 section (2) item (a) DS-GVO referred and
there is no other legal basis for processing.
(3) You submit a protest
pursuant to Article 21 section 1 DS-GVO against the processing and there are
no legitimate overriding reasons for the processing, or pursuant to Article 21
(2) DS-GVO you submit a protest about having your personal data processed.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to
fulfill a legal obligation under EU law or the law of the Member State(s) to
which the controller is subject.
(6) The personal data concerning you were collected in relation to information
society services offered pursuant to Article 8 (1) of the DS-GVO.
b) Information to third parties
If the controller has made the personal data concerning you public and is in accordance with Article 17 (1) under obligation to have it erased, taking due account of the technology available and the implementation costs, including appropriate technical measures he/she is to inform the data controllers who process the personal data that you, the affected person, have requested all links to such personal information or copies or replications of such personal information to be deleted.
c) Exceptions
The right to erasure does not exist if the processing is deemed necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the European
Union or of the Member States to which the controller is subject, or to carry
out a task which is in the public interest or in the exercise of official authority
conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant
to Article 9 (2) item (h) and (i) as well as Article 9 (3) DS-GVO;
(4) for archival purposes of public interest, scientific or historical
research purposes or for statistical purposes pursuant to Article 89 (1) of the
DS-GVO, in so far as the law referred to in subparagraph (a) is likely to render
impossible or seriously affect the achievement of the objectives of such processing,
or
(5) to assert exercise or defense of legal rights.
5. Right to information (Article 19 of the DS-GVO)
If you have declared your right of rectification, erasure or restriction of processing
to the controller, he/she is obliged to notify all recipients to whom your personal
data have been disclosed of this correction or deletion of the data or restriction
of processing, unless this proves to be impossible or involves a disproportionate
effort.
You shall have a right vis--vis the controller to be informed about these
recipients.
6. Right to data portability (Article 20 DS-GVO)
You have the right to receive personally identifiable information about you provided
to the controller in a structured, commonly used machine-readable format. Moreover,
you have the right to transfer this data to another person without hindrance
on the part of the controller, provided that
(1) the processing is based on a consent pursuant to Article 6 section (1)
or Item (a) DS-GVO or Article 9 section 2 item (a). DS-GVO or on a contract pursuant
to Article 6 section (1) item (b) DS-GVO and
(2) the processing is done
by automated means.
In exercising this right, you also have the right to have your personal
data transmitted directly from one controller to another, insofar as this is
technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data
necessary for the performance of a task carried out in the public interest or
in the exercise of official authority vested in the controller.
7. Right to object (Article 21 DS-GVO)
(1) You shall have the right at any time, for reasons arising from your particular
situation, to protest against the processing of your personal data based on Article
6 section (1) item (e) or (f) DS-GVO ; this also applies to profiling based on
these provisions.
The controller shall no longer process the personal data
concerning you unless he/she can demonstrate compelling legitimate grounds for
processing that outweigh your interests, rights and freedoms, or the processing
is for the purpose of establishing, exercising and defending legal claims.
(2) Regardless of Directive 2002/58 / EC, you have the option to exercise
your right of objection by means of automated procedures using technical specifications
in relation to the use of information society services.
(3) If your personal data are processed for scientific, historical or
statistical research purposes, you shall have the right, for reasons arising
from your particular situation, to object to processing for scientific or historical
research purposes or for statistical purposes pursuant to Article 89 DS-GVO.
Your right of objection may be limited insofar as it is likely to render
impossible or seriously affect the realization of research and statistics purposes
and the restriction is necessary for the fulfillment of tasks in the public interest.
8. Right to revoke data protection consent (Article 7 (3) DS-GVO)
You also have the right to revoke a possibly given data protection consent form at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. For this purpose and for further questions on the subject of personal data, you can contact the above addresses as well as by email to the following address: content@uni-bremen.de.
9. Automated decision in individual cases including profiling (Article 22 DS-GVO)
You shall have the right not to be subject to any decision based solely on automated
processing, including profiling, which will have legal effect or affect you in
a similar manner. This does not apply if the decision
(1) is required
for the conclusion or performance of a contract between you and the controller,
(2) is permitted by European Union or Member State legislation to which the controller
is subject, and where such legislation contains appropriate measures to safeguard
your rights and freedoms and legitimate interests, or
(3) with your express consent.
However, these decisions must
not be based on special categories of personal data pursuant to Article 9 (1)
DS-GVO, unless Article 9 (2) item (a( or (g) DS-GVO applies and reasonable measures
have been taken to protect the rights and freedoms as well as your legitimate
interests. With regard to the cases referred to in (1) and (3), the controller
shall take appropriate measures to uphold your rights and freedoms and your legitimate
interests, including at least the right to obtain the intervention of a person
by the controller, to explain his/her own position and be heard.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you have your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you constitutes a breach of DS-GVO. The supervisory authority to which the complaint is submitted shall inform the complainant of the ongoing status and outcome of the complaint.