Privacy statement

Contact Details

Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity (“Controller”) is:

Universität Hamburg
Mittelweg 177
20148 Hamburg

Tel: +49 40 42838-0
Fax: +49 40 42838-9586

Universität Hamburg is a corporate body organized in accordance with German public law. Univ.-Prof. Dr. Hauke Heekeren, President of Universität Hamburg, Mittelweg 177, 20148 Hamburg, Germany is authorized to represent the University.

Universität Hamburg Data Protection Officer contact details:

Data Protection Officer Universität Hamburg
Mittelweg 177, 20148 Hamburg
datenschutz@uni-hamburg.de

A. Data processing

1. Accessing this website and creation of log files

and information are collected every time this website is accessed or used. These data and information are stored in log files on the server and can include:

  • IP address
  • browser type / browser version
  • date and time the website was accessed
  • user Internet service provider
  • user operating system
  • referring website
  • websites accessed by the User’s system through our website

The temporary storage of data and log files is lawful pursuant to Art. 6 (1) lit. f General Data Protection Regulation (Datenschutz-Grundverordnung—DSGVO)

The IP address is temporarily stored in the system as it is necessary to provide website access to the User’s computer. The IP address is retained while that website is being accessed.

These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.

The data will be deleted when they are no longer needed for the purpose they were collected. For data collected to provide access to the website, this will be at the end of every session.

For log files, this will occur after seven days at the latest. Some data may be preserved for a longer period of time, in which case user IP addresses are deleted or removed, rendering it impossible to link the data to any individual.

2. Cookies

Our website uses cookies. Cookies are small data files, created and stored by the Internet browser on your computer’s hard drive. Accessing a website may result in a cookie being saved on your operating system. This cookie contains a specific string of characters that allows the browser to be clearly recognized every time the website is accessed.

We use cookies to make our website more user-friendly.

The processing of personal data based on the use of cookies is lawful pursuant to Art. 6 (1) lit. f DSGVO.

The purpose of these technical cookies is to simplify website use.

Cookies are stored on the User’s computer and transferred to us. That is why you, as the User, have full control over cookie implementation. You can deactivate or restrict cookies by changing your browser settings. Cookies already stored on your hard drive can be deleted at any time. This can also be done automatically. However, disabling cookies for our website may result in some functions not working correctly.

3. Newsletter

On our website, you can subscribe to the free Universität Hamburg newsletter.

When you register, you will be asked to give your consent to our processing of your data and referred to our Privacy Statement. The process of registering for the newsletter will transmit the information you have entered into the online data entry form.

The processing of information following user registration for the newsletter is lawful subsequent to user consent pursuant to Art. 6 (1) lit. a DSGVO.

The data provided to register for the newsletter will only be used to deliver the newsletter to you and will not be given to third parties. You can unsubscribe from the newsletter at any time. Your data will then be immediately deleted from the system.

4. Registration

Users can register on the Universität Hamburg webpages by providing personal data. All information requested in the online data entry form will be transmitted as part of the registration process.

You will be asked to grant your consent for the processing of this data as part of the registration process.

These data are processed subsequent to user consent pursuant to Art. 6 (1) lit. a DSGVO.

User registration is necessary to provide specific content and services on our website, including the creation and administration of user accounts, participation in surveys, the administration of applications for admission and placement tests, the organization of examinations, registering for courses, events, examinations, and the administrative tasks associated with them.

The data will be deleted when they are no longer needed for the purpose they were collected.

5. Contact form and email contact

There are contact forms on Universität Hamburg webpages that can be used to communicate electronically. When registering, the data entered by you into the online data entry form will be transmitted. Your consent is required for the processing of this data, and you will be referred to our Privacy Statement and asked to grant your consent when you send the form.

Alternatively, contact may be initiated using an email address provided by you. In this case, the personal data provided in the email will be stored. This information will not be passed on to third parties.

These data are processed subsequent to user consent pursuant to Art. 6 (1) lit. a DSGVO.

The processing of information received from the sending of an email is lawful under Art. 6 (1) lit.f DSGVO.

These data are only stored for the purposes of processing that communication. The data will be deleted when they are no longer needed for the purpose they were collected. Personal data derived from the online data entry form and any data transmitted via email will be deleted once the communication with the User has been concluded.

C. Data transfer to third parties

1. Social media

We use social media share buttons on our website to help increase Universität Hamburg’s profile. The individual providers are responsible for ensuring that your privacy is protected according to data protection regulations. We have integrated these buttons for the Facebook, Twitter, Google+ and Xing social networks using the Shariff plugin.

Facebook

We use the Facebook social network share button on our website provided by Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”).

The share button is an automated embedding of layout buttons with links and identical click events to the individual services. No service content is integrated, nor are any data transferred before the User clicks.

Once the button has been clicked, the operator of the social media platform receives the information that the individual page has been accessed, for which personal data are transmitted to the platform operator.

The purpose and scope of Facebook’s data collection, its processing and use of your data as well as your rights and potential settings to protect your private information are explained in the Facebook privacy policy (https://www.facebook.com/about/privacy?ref=new_policy).

Facebook also processes your personal data in the USA, and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Twitter

We use the Twitter social network share buttons provided by the micro-blogging service Twitter, operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”).

The share button is an automated embedding of layout buttons with links and identical click events to the individual services. No service content is integrated, nor are any data transferred before the User clicks.

Once the button has been clicked, the operator of the social media platform receives the information that the individual page has been accessed, for which personal data are transmitted to the platform operator.

The purpose and scope of Twitter’s data collection, the further on-site processing and use of your data as well as your rights and potential settings to protect your private information are explained in the Twitter privacy policy https://twitter.com/en/privacy.

Twitter also processes your personal data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

Google+

We use the Google+ social network share buttons provided by Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

The share button is an automated embedding of layout buttons with links and identical click events to the individual services. No service content is integrated, nor are any data transferred before the User clicks.

Once the button has been clicked, the operator of the social media platform receives the information that the individual page has been accessed, for which personal data are transmitted to the platform operator.

The purpose and scope of Google+’s data collection as well as your rights and potential settings to protect your private information are explained in the Google+ privacy policy. https://policies.google.com/privacy?hl=en&gl=en.

Google also processes your personal user data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Xing

We use the Xing social network share buttons provided by Xing AG, Dammtorstraße 29-32, 20254 Hamburg, Germany.

The share button is an automated embedding of layout buttons with links and identical click events to the individual services. No service content is integrated, nor are any data transferred before the User clicks.

Once the button has been clicked, the operator of the social media platform receives the information that the individual page has been accessed, for which personal data are transmitted to the platform operator.

The purpose and scope of Xing’s data collection, the further processing and use of your data as well as your rights and potential settings to protect your personal information are explained in the Xing privacy policy: https://privacy.xing.com/en/your-privacy.

Instagram

Our website provides a link to Instagram, a service provided by Instagram Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA.

This link is shown as a logo on our website and serves only as a link to Instagram. Your user information will only be transmitted to Instagram after clicking on the link and being taken to the Instagram website.

The purpose and scope of Instagram’s data collection, the further on-site processing and use of your data as well as your rights and potential settings to protect your personal information are explained in the Instagram privacy policy (https://www.facebook.com/help/instagram/155833707900388/).

YouTube

We use the services provided by YouTube to embed videos into our website. YouTube is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is part of Google LLC, registered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Clicking on “Play video” embeds an iframe with the provider’s content into the page. No service content is integrated, nor are any data transferred before the User clicks.

When you activate the content, the operator of the social media platform receives information that the relevant page has been accessed, for which personal data are transmitted to the platform operator.

Further information on the processing of data and the YouTube (Google) privacy statement are available at https://policies.google.com/privacy?hl=en&gl=en.

Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Vimeo

We use the Vimeo plugin for the Vimeo video portal operated by Vimeo LLC.,555 West Street, New York, New York 10011, USA to integrate video material that we have published on Vimeo.

When you access a page on our website featuring an embedded Vimeo video, this will connect to the Vimeo servers, which notify your browser to display the plugin. Information regarding which of our page(s) you have visited will be transmitted to the Vimeo server. If you are logged into your Vimeo account, Vimeo will be able to store this information in your User Account. If you activate a plugin on our website, for example, by clicking the start button for a video or leaving a comment, this information will be stored in your Vimeo account. You can prevent this by logging out of your Vimeo account.

If you do not wish to allow the use of cookies, you can block cookies, or delete them (see Point A.2) using the settings in your browser or by using an appropriate browser Add-On.

Further information on the processing of data and the Vimeo privacy statement are available at https://vimeo.com/privacy.

2. Online tools

Google Maps

We use the Google Maps API, an interactive map and navigation service provided by Google LLC (“Google”). Google Maps is operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Use of Google Maps allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a Google server in the USA. Google may provide the information gained from Maps to third parties, in so far as this is permitted by law or where those third parties process said data as agents of Google.

You may deactivate the Google Maps service, thus preventing the transmission of data to Google, by deactivating JavaScript in your browser. Please note, however, that this will prevent your use of the maps on our website.

The Google privacy policy and additional terms of use for Google Maps are available at https://policies.google.com/privacy?hl=en&gl=en

Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

Google Custom Search

The central search function for our website is provided by the Google Custom Search Engine (GCSE). This search function allows for full text searching through the online material of our website. This search function is accessed by a search box, embedded in the header bar of each individual webpage.

The search box on these webpages (“Search Box”) is provided by Google LLC. and integrated into our webpages without alteration as a software module. By entering a search term into the search box and clicking search, the User activates the search function. This in turn calls up a Search Results page, loaded by a Google provided plugin, which displays the relevant search results. The plugin enables search results to be automatically conveyed from the Google search service to the search results page. Use of the search function provided by Google constitutes a dynamic transmission of data from Google, the service provider, to the search results page. Data will only be transmitted to Google after a User has activated a search box, started a full-text search, and activated the search results page. Use of the search function within the search results page will simultaneously also transfer user data to Google. The full text search and the activation of the search results page this produces will transmit the search term you entered, and the IP address of the computer you are using to Google. If you are also logged into Google at that time, the Google service is able to link this information to your user profile. To prevent profile data accumulating, you should log out of your Google account.

Further information about how Google handles your user information is available at https://policies.google.com/privacy?hl=en&gl=en.

This processing of data is lawful pursuant to Art. 6 (1) sentence. 1 lit. f DSGVO, and is in the legitimate interest of providing the most convenient use of our website.

Google also sends personal data to the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Your rights

You have the following rights:

  • the right to information regarding personal data pertaining to you that is stored by us (Art. 15 DSGVO)
  • the right to correction of any incorrect or incomplete personal information (Art. 16 DSGVO)
  • the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Art. 17 DSGVO)
  • the right to limited processing of personal data (Art. 18 DSGVO)
  • the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Art. 21, DSGVO);
  • the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Art. 7 (3) DSGVO)—this means that the data processing related to that consent will no longer be carried out;
  • the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the DSGVO (Art. 77 DSGVO)

E. Revocation of Consent / Objecting to Processing of Personal Data

You can exercise your right to object, your right of rectification and your right to revoke consent to the processing of your personal data by contacting:

Datenschutzbeauftragter der Universität Hamburg
Mittelweg 177, 20148 Hamburg
datenschutz@uni-hamburg.de

F. Data Protection Code of Conduct

Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.