Data Protection Declaration of the University Library

In accordance with Article 13 of the General Data Protection Regulation (GDPR), the University Library provides information on its specific data processing processes. Please observe the general information on data protection on and in connection with our websites in the Data Protection Declaration of the University of Mannheim.

I. Contact details of the controller and the data protection officer

1. Controller

University of Mannheim
Schloss
68131 Mannheim
Phone: +49 621 181-1001
E-mail: rektor uni-mannheim.de

2. Data protection officer

Data protection officer of the University of Mannheim
L 1, 1
68131 Mannheim
E-mail: datenschutzbeauftragte uni-mannheim.de
Phone: +49 621 181–1126

II. Chat

1. Description and scope of data processing

If you use the chat provided by the University Library, the start and end time of the chat as well as the chat history are recorded. Chat protocols are stored for two days. You can request a copy of the chat history before the chat ends.

Mannheim University Library generates quantitative statistics such as the number of queries and the time they were received. For this purpose, we do not process personal data.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 of the data protection act of the Land of Baden-Württemberg (Landesdatenschutzgesetz, LDSG). The legal basis for storing the chat protocols is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing

Processing personal data is required for using the the chat. Chat protocols are stored for two days in order to be able to retrace chats if there is ground to suspect misuse of the service or a criminal offense.

4. Duration of storage

Chat protocols are automatically deleted after two days.

III. Forms

When you send us inquiries via our contact form, the data indicated in this form and the time the form is sent are stored, put in an e-mail and transferred to the responsible library staff members to process the inquiry. The sender, the recipient as well as the date and time of e-mails are being recorded. E-mails are deleted after two weeks at the latest. When you order library items, the data required for this process are stored in the library system.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG.

The data in the required fields are necessary to process your inquiry. If required data are missing, your inquiry cannot be processed.

Your data will be deleted once the inquiry has been processed completely.

1. Online registration for non-university members and members of cooperating institutions

If you register, the data you enter in the form will be forwarded to the University of Mannheim and stored in the library system.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG and section 5 subsection 7 of the Rules and Regulations Governing the Use of the Mannheim University Library.

Your data are processed for user administration, the borrowing of items from the library and for authentication purposes if electronic offers are used. The data in the mandatory fields are required to process your registration in accordance with section 5 subsection 7 of the Rules and Regulations Governing the Use of the Mannheim University Library as at 6 November 2009 and section 3 subsection 3 of the Terms of Use for Information Processing Systems of the University of Mannheim as at 20 June 2001 (PDF, 29 KB). If required data are missing, your registration cannot be processed.

Your data will be deleted once your user authorization ends, either after the expiration of the set period or upon your request.

2. Interlibrary loan

When you request an interlibrary loan, the data indicated in the form are stored in the library system to process the inquiry. The order data and a local user ID are then transferred to the interlibrary portal of the Library Service Centre Baden-Wuerttemberg and to the library providing the item. Your name will not be shared.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG.

The data in the required fields are necessary to process your registration. If required data are missing, your registration cannot be processed.

Your data stored in the library system are anonymized after a maximum of 90 days after the completion of the interlibrary loan.

3. Application for funding of open access publication fees

A) Description and scope of data processing

When you send us an application for funding of open access publication fees, the data indicated in the form and the time the form is sent are stored, put in an e-mail and transferred to the responsible library staff members to process the inquiry. At the same time, your data are automatically transferred into MADOC and the library system and stored there.

If your article is published with funding provided by the open access publishing fund, the University Library forwards the invoice to Division IV – Finances and Procurement of the University of Mannheim for payment. In addition, the University Library may share your payment information with the publishing house that publishes your article.

Your data are shared with the sponsors of the open access publishing fund for reporting purposes. Moreover, for statistical purposes, the University Library plans to share the sum with which an article was funded, the year of publication, the institution and the DOI of the article with the Open APC Platform.

If your article is funded by the Mannheim Centre for European Social Research (MZES), the University Library transfers your data to the MZES to process the application.

b) Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG. The legal basis for the further processing of personal data for statistical purposes is section 13 subsection 1 LDSG.

c) Purpose of data processing

The data in the required fields are necessary to process your application. If required data are missing, your application cannot be processed. In addition, your data are further processed for statistical analyses via the publishing fund.

d) Duration of storage

If your article is published with funding provided by the open access publishing fund, your data will remain stored on MADOC and the library system. Moreover, the University Library lists the published article in the university bibliography on MADOC and marks it as a funded article. The other data will be deleted once the processing has been completed.

If your article is not published with funding provided by the open access publishing fund, your data remain stored in the library system for statistical purposes. The other data will be deleted once the processing has been completed.

4. Registration for ZWÖLFDREISSIG for students of HAW and DHBW Mannheim

When you register for a ZWÖLFDREISSIG course, only your email address will be stored by the time you send it. Your email address will be used to send you a link to the online course.

The legal basis for the processing of personal data is Art. 6 Abs. 1 lit. e in conjunction with Art. 6 Abs. 3 DS-GVO in conjunction with § 4 LDSG.

The specification of the e-mail address is necessary to provide you with the link to the online course. Without providing your email address, your registration cannot be processed.

After the end of the course, your data will be deleted.

IV. Seat booking

Users of the University Library Mannheim can use the MARS reservation system to book work stations at the libraries.

1. Description and scope of data processing

In order to book work stations, check, change or delete your bookings, you need to enter your access information (Uni-ID and password) and login to the MARS reservation system.

The identity management of the University IT will provide additional information on your person. The user group will be checked to ensure that only authorized users book seats. As long as you are logged in to the MARS reservation system, your name will be shown. Your name and your e-mail address will be used to send you a confirmation e-mail, if you choose this option. The sender, the recipient as well as the date and time of e-mails are being recorded. E-mail protocols are deleted after two weeks, at the latest.

In the MARS system, your Uni-ID, your bookings, including their date and location, and your user group are stored for a maximum of three days after the booking date.

The ecUM or the library card is used to record the date and time when and the location where you enter or leave the library. When you enter the library, we will check your user status and your booking, if applicable, in order to check your access authorization. If you are denied access, the data will be automatically deleted, otherwise the data are deleted four weeks after you visited the library.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG.

3. Purpose of data processing

Data processing is required for booking seats at the libraries.

4. Categories of recipients

The staff members of the University Library who require the data for fulfilling their work duties are the internal recipients.

5. Duration of storage, deletion of data

Your data are only stored as long as this is required for the purposes specified above. This does not apply if longer storage or retention periods are provided for by mandatory law or are required for enforcing rights (statutory limitation periods). If data are only processed for these purposes, data access is limited to the extent required.

The data stored in the MARS system are deleted three days after the individual booking date, at the latest. You can delete your bookings in the MARS reservation system until the booking date.

The data recorded when you enter or leave the libraries will be deleted four weeks after your visit.

V. Contact-tracing of visitors of the University Library or its InfoCenter during the coronavirus pandemic

Under the Corona Ordinance (Corona-Verordnung), we are obliged to collect the data specified below. When you visit the libraries, we usually collect the data by registering your ecUM when you check in and check out. When you visit the InfoCenter, we collect the data at the InfoCenter by using a paper or web form.

1. Processed data categories

If you have an ecUM or a library card: usually the ID of your ecUM or your library card as well as the date, time and location of checking in and checking out. Upon request of the responsible authority, we will use these data to process and transmit your name and your contact details in order to trace routes of transmission.

If you do not have an ecUM or a library card: Name, first name, address, phone number, date, time and location when you enter or leave the library. Upon request of the responsible authority, we will transmit these data in order to trace routes of transmission.

2. Purpose of data processing and possible consequences of non-disclosure of the personal data

Data is processed to trace possible routes of transmission during the COVID-19 pandemic. It is not possible to visit the libraries without providing the information.

3. Legal basis

Article 6 paragraph 1(c) GDPR in conjunction with section 14 sentence 1 number 1 in conjunction with section 6 of the Corona Ordinance (Corona-VO of the Land of Baden-Württemberg).

Article 6 paragraph 1(c) GDPR in conjunction with section 10 subsection 1 in conjunction with section 6 of the Corona Ordinance

Article 6 paragraph 1(c) GDPR in conjunction with section 4 subsection 1 number 2 of the coronavirus decree for higher education and the arts (Corona-Verordnung Studienbetrieb und Kunst) in conjunction with section 6 of the Corona Ordinance

4. Recipients

The staff members of the University Library who require the data for fulfilling their work duties are the internal recipients.

External recipients may be staff members on guard duty.

Upon request, Mannheim University Library will transmit the data collected to the responsible authority, if and to the extent this is required for tracing possible routes of transmission.

5. Duration of storage

The data are deleted four weeks after visiting the libraries or the InfoCenter.

VI. MAJOURNALS

MAJOURNALS uses the software Open Journal Systems (OJS) to support researchers at the University of Mannheim in publishing open access journals, open access conference series and in presenting the articles published in these journals or series. On the website, editors, reviewers and authors can register as users of the software in order to submit articles, manage the review process via OJS and publish open access articles.

1. Registration

A) Description and scope of data processing

When you register for MAJOURNALS, your data indicated in the form and the date and time of the registration are stored. When you are registered, your personal settings and the date of your latest login are also stored.

b) Legal basis for data processing

The legal basis for the processing of personal data, once the consent of the user has been obtained, is Article 6 paragraph 1(a) GDPR.

c) Purpose of data processing

The data in the required fields are necessary to set up a personal account. If you register as an author or external reviewer, the purpose of the processing of your personal data is the communication between publishers, authors and reviewers and the publication of the magazine. The purpose of processing the registration date and the date of the latest login is to prevent the misuse of the services or of your data.

d) Duration of storage

Your personal data will be permanently stored until you revoke your consent. You can modify your personal data at any time. You may revoke your consent to your data being processed at any time by sending an e-mail to publishing bib.uni-mannheim.de. Your account or individual data will then be deleted.

2. Submission, review and publication of articles

When articles are submitted and reviewed, further personal data are generated. The legal basis for the processing is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG. These personal data will be stored permanently.

When your article was published, your personal data will be stored permanently. Metadata of published articles are published and transferred to third parties for the purpose of the DOI registration, for listing in catalogs, for searchability in search engines and for long-term preservation. The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with Article 6 paragraph 3 GDPR in conjunction with section 4 LDSG.

VII. Comment function on the blog

1. Description and scope of data processing

The University Library uses the blogging software WordPress to publish news from the University Library. You can comment on these posts and enter your name or a pseudonym. After review by the University Library’s team, the comments are published.

When you post a comment, the following data are stored:

  • name or pseudonym
  • e-mail address
  • IP address
  • date and time of access
  • content of the comment

Your e-mail address and IP address will not be published.

2. Legal basis for data processing

The legal basis for the processing of personal data, once the consent of the user has been obtained, is Article 6 paragraph 1(a) GDPR. The legal basis for storing the IP address is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing

The purpose of processing your data is to prevent the misuse of the services. Besides, it enables us to contact you personally via e-mail.

4. Duration of storage, revocation of consent and deletion of data

You IP address and your e-mail address will be deleted after 30 days at the latest. The other data indicated in the comment will be permanently stored until you revoke your consent. You may revoke your consent to your data being processed at any time by sending an e-mail to info bib.uni-mannheim.de. Your comment will then be deleted.

VIII. Video conferences

This information applies to the video conference services of the Mannheim University Library under the domain bib.uni-mannheim.de:

  • BigBlueButton (BBB)
  • Jitsi
  • Nextcloud Talk.

1. Description and scope of data processing

Mannheim University Library operates video conference services on its own servers.

In the invitation for a video conference, the participants receive a link (URL) or a phone number and a password, if required, for their participation.

During the video conference, the names chosen by the participants will be shown and when participating via phone, the phone number will be shown. During the video conference, the public chat, shared notes and documents are accessible to all participants. Using these features is voluntary. Conferences are not recorded or forwarded to third parties; the video and audio data are only streamed. In order to perform these services, the chat data and the data of shared contents must be stored for the duration of the meeting.

2. Legal basis for data processing

The legal basis for data processing within the scope of an existing employment relationship or within the scope of a selection process to establish an employment relationship with a civil servant/employee/intern is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with section 15 LDSG in conjunction with sections 83 to 86 of the civil service act of the Land of Baden-Württemberg (Landesbeamtengesetz, LBG).

The legal basis within the scope of the fulfillment of the university’s duties is Article 6 paragraph 1 letter(e) in conjunction with paragraph 3 GDPR in conjunction with section 4 LDSG or more specific regulations.

The legal basis for the processing of data during the video conference, once the consent of the user has been obtained, is Article 6 paragraph 1 letter(a) GDPR.

3. Purpose of data processing

Data processing is required for holding video conferences.

4. Processed data categories

The data processed depends on the features of the video conference platform’s that are used. In detail:

Login information

If you are registered for the services and logged in and you create, host or participate in a video conference, the video conference system will process your login information and personal settings including the video conferences you created.

If you login as a participant, the name you choose will be processed.

Meta data

Meta data are the name of the room, welcome text and duration of the meeting, start and end (time) of the participation, description of the meeting (optional), chat status, IP addresses of the participants, type of microphone or speaker used, type of connection (if participating via phone: phone number of the participant)

Content data

Chat protocols, shared notes, uploaded presentations, whiteboard content, survey results, status settings of the participants, audio and video data are processed if and to the extent these features are used when participating in a video conference.

5. Categories of recipients

The employees of the University University of Mannheim who require the data for fulfilling their work duties are the internal recipients.

Third parties who participate in the meeting and who you can directly identify as participants may be external recipients.

6. Duration of storage

Your data are only stored as long as this is required for the purposes specified above. This does not apply if longer storage or retention periods are provided for by mandatory law or are required for enforcing rights (statutory limitation periods). If data are only processed for these purposes, data access is limited to the extent required.

Generally, the following retention periods apply.

Login information

If you are logged in as a registered person, your personal data are stored until your registration is deleted.

Otherwise the name you have chosen will be deleted after the meeting has ended.

Meta data

Meta data will be deleted seven days after the meeting has ended. Further storage is possible. In this case the IP addresses and phone numbers of the users will be deleted or alienated so that the accessing client can no longer be identified.

Content data

As a rule, video and audio data will not be recorded. Chat data, shared contents (notes, presentations, whiteboard, survey results, status settings) are stored for the duration of the video conference and deleted after the conference has ended.

IX. Google Plugins

The MADOC online repository uses plugins of Google provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the Google server. This way, Google receives information that you have visited our website. If you are logged in to your Google+ or Google account, Google can link your visit to our website to your user account. If you do not wish Google to link the data collected via our website to your Google account, please log out of your Google account before visiting our website.

We are not being informed of the kind of data transmitted and their use by Google. Information on the purpose, extent, further processing and use of data collected by Google as well as your rights regarding such processing can be found in the Google Privacy Policy. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

X. Data subject rights

  • You have the right to obtain information about your personal data stored by the University of Mannheim according to Article 15 GDPR and the right to have false data rectified according to Article 16 GDPR.
  • Furthermore, you have the right to erasure (Article 17 GDPR) and the right to restriction of processing (Article 18 GDPR).
  • If you have given consent to data processing, you can withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • If the consent is withdrawn within the scope of a contractual relationship, the fulfillment of the contract may no longer be possible.
  • Furthermore, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not in compliance with data protection regulations (Article 77 GDPR). The supervisory authority responsible is the commissioner for data protection and freedom of information of Baden-Württemberg (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg).

XI. Right to object according to Article 21 GDPR

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Article 6 paragraph 1(e) GDPR (data processing in the public interest) at any time.