Login

Privacy statement

Information pursuant to Article 13 of the EU General Data Protection Regulation (GDPR) for the Indico event management system

1. Persons and contact details

a. Controller within the meaning of the GDPR

The controller within the meaning of the General Data Protection Regulation is the University of Hamburg, a public-law corporation. The contact details are:

University of Hamburg

represented by the President

Mittelweg 177
20148 Hamburg
praesident@uni-hamburg.de

b. Contact person for questions regarding processing

Questions regarding the data processing described below can be directed to

University of Hamburg Computer Center
Basic Infrastructure
Elisabeth Z. Kahnert
rrz-serviceline@uni-hamburg.de.

c. Data protection officer

You can also contact the data protection officer at:

Data Protection Officer of the University of Hamburg
Mittelweg 177
20148 Hamburg
datenschutz@uni-hamburg.de

2. Purpose(s)

Personal data is processed for the following purpose(s):

  • Organization and administration of scientific events, conferences, workshops; registration and deregistration of participants; creation of participant lists; billing of fees.
  • Contacting participants by email.
  • Authorization and authentication of University of Hamburg employees using the Shibboleth Identity Provider (IdP) for the Indico service. This enables secure single sign-on (SSO), in which data is only temporarily exchanged between your IdP (the University of Hamburg) and the service provider. This data is processed exclusively for the purpose of access control and provision of the Indico service. Contact data for the purpose of maintaining contact and evaluation.

3. Legal basis(es)

The legal basis(es) for processing is/are:

  • Employees:
    Article 88(1) GDPR in conjunction with Section 10(1–3) Hamburg Data Protection Act (HmbDSG) in conjunction with Section 85(1) Hamburg Civil Service Act (HmbBG)
  • Students:
    6 (1) (e) in conjunction with (3) GDPR in conjunction with § 111 (1) Hamburg Higher Education Act (HmbHG)
  • External:
    Insofar as the UHH uses M365 to fulfill and initiate contracts Art. 6 (1) (b) GDPR (in particular, implementation of projects and collaborations)
    Insofar as data processing is carried out for the performance of tasks in the public interest Art. 6 (1) (e), para. 3 GDPR in conjunction with § 4 HmbDSG in conjunction with § 3 HmbHG (in particular for research projects)
    In cases where a declaration of consent is given, the legal basis is Art. 6 para. 1 lit. a GDPR

4. Categories of personal data

The following categories of personal data are processed:

  • Identification data: Last name, first name, email address, organization, phone number (if provided)
  • Usage data: IP address, session cookie; pseudonymized identifiers such as persistentID or eduPersonTargetedID Date/time of login, user name (user ID, time of registration)
  • Participation data for events
    • Lecture information for a participant
    • Preferred lecture language
    • Participant list
    • Participant badges

5. Recipients / categories of recipients

Personal data is transferred to the following recipients / categories of recipients:

  • Internal: Event organizers, IT administration

6. Transfer of personal data to a third country

There are no plans to transfer your personal data to a third country/international organization.

7. Duration of storage

Personal data will be stored for the following period:

Data will be deleted after the event has ended plus an additional 6 months.

8. Cookies

We use technically necessary cookies on our Indico instance to ensure the functionality of the platform. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. There are different types of cookies. A distinction is made between first-party cookies and third-party cookies. While first-party cookies are set by the website you are currently visiting and only this website can read information from the cookies, third-party cookies are set by third parties who are not operators of this website. The University of Hamburg does not use third-party cookies. In addition, a distinction is made between session cookies and persistent cookies. Session cookies contain information that is only stored temporarily and is automatically deleted when you leave the website. Persistent cookies are automatically deleted after the specified storage period, which may vary depending on the type of cookie. However, you can delete these cookies at any time via your browser settings. The purpose of using necessary (also technically necessary) cookies is to simplify the use of websites for users.

The legal basis for the storage of cookies or for the storage of information in the end user's terminal equipment and access to information already stored in the terminal equipment is provided by the German Act on the Regulation of Data Protection and Privacy in Telecommunications and Digital Services (TDDDG). In addition, the legal basis for the further processing of personal data collected in this context is provided by the General Data Protection Regulation. Cookies are stored on the user's computer and transmitted to us by the user. Therefore, as a user, you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. Required cookies (essential category) Required cookies are set to make a website usable by enabling basic functions so that a website can function properly. The legal basis for the processing of personal data using cookies to provide certain functions requested by you or to optimize the website for measuring the web audience (necessary cookies) is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.

Name

Provider

Purpose

Expiration

Type

_shibsession_*

UHH

Saving the Shibboleth login on a website (authentication of the user ID)

Session

HTTP cookie

indico_session

UHH

Technically necessary

Session

HTTP cookie

9. Your rights

You have the following rights:

a. Right to information

According to Art. 15 GDPR, you have a right to information from the controller.

b. Right to rectification

Pursuant to Art. 16 GDPR, you may request the controller to rectify inaccurate data.

c. Right to erasure

Pursuant to Art. 17 GDPR, you have the right to have your personal data erased or a “right to be forgotten” vis-à-vis the controller.

d. Right to restriction of processing

You have the right to request that the controller restrict the processing of your personal data in accordance with Art. 18 GDPR.

f. Right to data portability

If you have consented to data processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you have a right to data portability (Art. 20 GDPR).

g. Right to object

If the processing is based on Art. 6 (1) lit. e) or f) GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR vis-à-vis the controller.

h. Right to lodge a complaint

You have the right to lodge a complaint against the processing of your personal data with a competent data protection supervisory authority.

10. General information on these rights:

In some cases, your request cannot or may not be complied with. If your request cannot be complied with for legal reasons, you will be informed of the reason for the refusal.