Data Protection Declaration of the University of Mannheim

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

University of Mannheim
L1,1
68131 Mannheim

Phone: 0621/-181-1001
E-mail: rektormail-uni-mannheim.de

Data Protection Officer of the University of Mannheim
Jan Morgenstern
Lawyer and IT law specialist
E-Mail: datenschutzbeauftragtermail-uni-mannheim.de

1. Personal data
As defined in the General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person. This is data such as the first and last name, address, e-mail address, phone number and, as a rule, the IP address.

2. Extent of personal data processing
Principally, we process personal data only as far as it is necessary in order to provide a functional website and our content and services. We only process personal data of our users after they have given their consent. An exception is made if it is not possible to get consent due to factual reasons and the processing is permitted by law.

We do not deliberately collect personal data of minors. We advise parents and legal guardians to watch their children’s activities online.

3. Legal basis for the processing of personal data
Provided that we have got the users’ consent to process their personal data, Article 6 paragraph 1(a) GDPR is the legal basis for the processing.

When processing personal data is necessary for the performance of a contract to which the data subject is party, Article 6 paragraph 1(b) GDPR is the legal basis for the processing. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.

Provided that the processing of personal data is necessary for compliance with a legal obligation to which the University of Mannheim is subject, Article 6 paragraph 1(c) GDPR is the legal basis for the processing.

If the processing of personal data is necessary to protect the vital interests of the data subject, Article 6 paragraph 1(d) GDPR is the legal basis for the processing.

If the processing is necessary for the purpose of a legitimate interest pursued by the University of Mannheim or by a third party and this interest is not overridden by the interests, fundamental rights and freedoms of the data subject, Article 6 paragraph 1(f) GDPR is the legal basis for the processing.

Our fundamental goal is to implement data-protection principles, such as data minimization, and to limit the processing of personal data while you are visiting our websites to the necessary minimum.

4. Deletion of data and storage period
The personal data of the data subject will be deleted or locked once the purpose for which they have been stored ceases to apply. Personal data may be stored for a longer period if provided for by European or national legislators in EU regulations, laws or other rules to which the controller is subject. The data will also be locked or deleted once a storage period specified in the above-mentioned rules has expired, unless further retention of the data is necessary to enter into or fulfill a contract.

1. Description and extent of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are collected:

• information on the browser type and the version used
• the user’s operating system
• the user’s Internet service provider
• the user’s IP address
• date and time of access
• websites from which the user’s system accesses our website
• websites accessed by the user’s system via our website.

The log files contain IP addresses or other data that can be assigned to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to facilitate the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the functionality of the website. In addition, the data help us optimize our website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing according to Article 6 paragraph 1(f) GDPR.

4. Storage period
The data will be deleted once the the purpose for which they have been collected ceases to apply. For the data collected in order to provide the website, this is the case when the respective session has ended.

If the data are stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that the accessing client can no longer be identified.

5. Right to object and deletion of data
The collection of data for the provision of the website and the storage of data in log files is absolutely essential for the operation of the website. Consequently, the user has no possibility to object.

1. Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic string that enables a clear identification of the browser when the website is accessed again.

We use cookies to improve your experience on our website. Some elements on our website require that the accessing browser can be identified after the user changed to another website.

The following data are stored and transmitted:

• a randomly generated session key of the website
• login information (if necessary)

In addition, we use cookies on our website which enable us to analyze the online behavior of our users. See section VI Web analytics with Matomo.

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing
The purpose of using cookies that are required for technical reasons is to simplify the use of website for users. Some features of our website cannot be offered without the use of cookies. For these features it is necessary that the browser is identified even after the user changed to another website.

We need cookies for the following applications:

• forms
• user login

The user data collected by cookies that are required for technical reasons are not used to generate user profiles.

The use of analysis cookies serves the purpose of improving the quality of our website and its content. Analysis cookies allow us to find out how the website is used in order to continuously optimize our services.

See section VI Web analytics with Matomo.
These purposes also constitute our legitimate interest in processing personal data according to Article 6 paragraph 1(f) GDPR.

4. Storage period, right to object and deletion of data
Cookies are stored on the user’s computer and transmitted to our website. Consequently, the user, has full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. You can also delete cookies which have been stored at any time. This can also be done automatically. If you deactivate cookies for our website, you may no longer be able to use the site’s full range of features.

In addition, most modern browsers have a “Do Not Track” option which enables you to inform websites not to track your user activities.

More information on the privacy settings of the Matomo software can be found on: https://matomo.org/docs/privacy/.

1. Description and extent of data processing
On our website, you have the option to subscribe to free newsletters. The newsletters' administration with regard to subscriptions, deliveries and the recipients administration requires a software. We use the newsletter delivery software provided by rapidmail GmbH (Augustinerplatz 2, 79098 Freiburg im Breisgau, www.rapidmail.de/), a German supplier who was carefully selected according to the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the data protection act of the Land of Baden-Württemberg (LDSG BW).

Subscription to a newsletter takes place with a double opt-in , i.e. the subscription is only completed when you click on the corresponding link in the e-mail you receive to confirm your subscription. The data stored during the newsletter subscription process (e-mail address, IP address, date and time of your registration) are transmitted to a server of rapidmail GmbH in Germany and stored there in line with the European data protection regulations. Rapidmail is forbidden to use your data for any other purposes than the delivery of the newsletter. Rapidmail is not permitted to disclose your personal data.

When delivering newsletters, the delivery status is recorded in order to sort out recipient addresses that are no longer in service.

2. Legal basis for data processing
The legal basis for the processing of personal data after subscription to the newsletter by the users, once their consent has been obtained, is Article 6 paragraph 1(a) GDPR.

3. Purpose of data processing
The user’s e-mail address is processed for the purpose of delivering the newsletter.

The purpose of collecting other personal data in the course of the subscription process is to prevent the misuse of the services or of the e-mail address used.

4. Storage period
The data will be deleted once the the purpose for which they have been collected ceases to apply. Therefore, the user’s e-mail address will be stored until the user unsubscribes from the newsletter or it has been established that the e-mail address is no longer in service.

5. Right to object and deletion of data
You can withdraw your consent to receiving the newsletter at any time and without having to state any reasons and unsubscribe from the newsletter free of charge. To that end, each newsletter contains a corresponding link.

Our website uses map services of the provider HERE to visually display geographical information. When using the map services, HERE also processes data relating to the visitors’ use of the map functions.

We are not being informed of the kind of data transmitted and their use by HERE. Information on the purpose, extent, further processing and use of data collected by HERE as well as your rights in relation to such processing can be found in the HERE Privacy Policy (https://legal.here.com/de-de/privacy/policy). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

The University of Mannheim offers a feature on the university intranet that allows the Communications department to “push” selected notifications to staff members’ browsers (“push notifications”). Enabling the feature is voluntary; staff members must subscribe to the notifications if they wish to use them.

Although the university does not process any personal data when sending the push notifications, the respective browser vendor may do so. However, the messages are usually encrypted according to the IETF specification so that only the local browser can decrypt them. Please check with the respective browser vendor to learn more about how push notifications are handled.

We are not being informed about the content of the data transmitted and their use by social networks (e.g. Facebook, Instagram, LinkedIn, Twitter, YouTube). Information on the purposes, extent, further processing and use of data collected by each social network as well as your rights in relation to such processing can be found in the respective privacy policies. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

We do not know what kind of data are collected and how they are used by the respective social network. It is very likely that at least the following data are collected even if you are not signed in:

• IP address
• time when the website was accessed
• URL of the website that uses the plugin
• location-based information (on mobile devices)
• device-related information (e.g. the operating system used and browser information)
• websites which were visited previously for advertising purposes
• data of uninvolved third parties (e.g. e-mail addresses (in case of recommendations)).

Unless otherwise specified, it can be assumed that the following technologies are used for data processing:

• cookies (e.g. permanent storage of your login data), this can also happen via third party providers such as advertising customers
• log files (storage of the cookie data on the service’s servers)
• analysis scripts (e.g. tracking of the clicking behavior on a website)
• forwarding of posted links
• local data storage (e.g. permanent storage of pictures)
   

1. Facebook
Our website uses plugins of the social network Facebook provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can recognize Facebook plugins by the Facebook logo or the “Like” button. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the Facebook server. This way, Facebook receives information that you have visited our website with your IP address. If you are logged in to your Facebook account, Facebook can link your visit to our website to your user account. If you do not wish Facebook to link the data collected via our website to your Facebook account, please log out of your Facebook account before visiting our website.

We are not being informed of the kind of data transmitted and their use by Facebook. Information on the purpose, extent, further processing and use of data collected by Facebook as well as your rights regarding such processing can be found in the Facebook Privacy Policy (https://facebook.com/policy.php). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

2. Instagram
Our website uses features of the Instagram service provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our website to your Instagram profile by clicking on the Instagram button. This way, Instagram can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by Instagram. Information on the purpose, extent, further processing and use of data collected by Instagram as well as your rights in regarding such processing can be found in the Instagram Privacy Policy (https://help.instagram.com/155833707900388). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

3. LinkedIn
Our website uses features of the LinkedIn network provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. If you visit a page on our website that uses LinkedIn features, your browser sets up a direct connection with the LinkedIn server. This way, LinkedIn receives information that you have visited our website. If you click on the LinkedIn “Recommend” button while you are logged in to your LinkedIn account, LinkedIn can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by LinkedIn. Information on the purpose, extent, further processing and use of data collected by LinkedIn as well as your rights regarding such processing can be found in the LinkedIn Privacy Policy (https://www.linkedin.com/legal/privacy-policy). The University of Mannheim does not assume responsibility for these contents or the privacy policy.

4. Twitter
Our website uses features of the Twitter service provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the “Retweet” feature, the websites visited by you are linked to your Twitter account and disclosed to other users. This way, Twitter can link your visit to our website to your user account. We are not being informed of the kind of data transmitted and their use by Twitter. Information on the purpose, extent, further processing and use of data collected by Twitter as well as your rights regarding such processing can be found in the Twitter Privacy Policy https://twitter.com/privacy. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

5. YouTube
Our website uses plugins of the Google-operated website YouTube provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the YouTube server. This way, YouTube receives information that you have visited our website. If you are logged in to your YouTube account, YouTube can link your visit to our website to your user acount. If you do not wish YouTube to link the data collected via our website to your YouTube account, please log out of your YouTube account before visiting our website.

We are not being informed of the kind of data transmitted and their use by YouTube. Information on the purpose, extent, further processing and use of data collected by YouTube as well as your rights regarding such processing can be found in the YouTube Privacy Policy (https://www.google.de/intl/de/policies/privacy). The University of Mannheim does not assume responsibility for these contents or the privacy policy.