Data Protection Declaration of the University Library

In accordance with Article 13 of the General Data Protection Regulation (GDPR), the University Library provides information on its specific data processing processes. Please observe the general information on data protection on and in connection with our websites in the Data Protection Declaration of the University of Mannheim.

I. Contact details of the controller and the data protection officer

1. Controller

University of Mannheim
Schloss
68131 Mannheim
Phone: +49 621 181-1001
E-mail: rektormail-uni-mannheim.de

2. Data Protection Officer of the University of Mannheim

Jan Morgenstern
Lawyer and IT law specialist
E-mail: datenschutzbeauftragtermail-uni-mannheim.de

II. Chat

1. Description and scope of data processing

If you use the chat provided by the University Library, the start and end time of the chat as well as the chat history are recorded. Chat protocols are stored for two days. You can request a copy of the chat history before the chat ends.

Mannheim University Library generates quantitative statistics such as the number of queries and the time they were received. For this purpose, we do not process personal data.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 of the act on the higher education institutions in the Land of Baden-Württemberg (LHG) in conjunction, if applicable, with the relevant statutes. The legal basis for storing the chat protocols is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing

Processing personal data is required for using the the chat. Chat protocols are stored for two days in order to be able to retrace chats if there is ground to suspect misuse of the service or a criminal offense.

4. Duration of storage

Chat protocols are automatically deleted after two days.

III. Forms

When you send us inquiries via our contact form, the data indicated in this form and the time the form is sent are stored, put in an e-mail and transferred to the responsible library staff members to process the inquiry. The sender, the recipient as well as the date and time of e-mails are being recorded. E-mails are deleted after two weeks at the latest. When you order library items, the data required for this process are stored in the library system.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

The data in the required fields are necessary to process your inquiry. If required data are missing, your inquiry cannot be processed.

Your data will be deleted once the inquiry has been processed completely.

1. Online registration for non-university members and members of cooperating institutions

If you register, the data you enter in the form will be forwarded to the University of Mannheim and stored in the library system.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction with section 5 subsection 7 of the Rules and Regulations Governing the Use of the Mannheim University Library.

Your data are processed for user administration, the borrowing of items from the library and for authentication purposes if electronic offers are used. The data in the mandatory fields are required to process your registration in accordance with section 5 subsection 7 of the Rules and Regulations Governing the Use of the Mannheim University Library as at 6 November 2009 and section 3 subsection 3 of the Terms of Use for Information Processing Systems of the University of Mannheim as at 20 June 2001 (PDF, 29 KB). If required data are missing, your registration cannot be processed.

Your data will be deleted once your user authorization ends, either after the expiration of the set period or upon your request.

2. Interlibrary loan

When you request an interlibrary loan, the data indicated in the form are stored in the library system to process the inquiry. The order data and a local user ID are then transferred to the interlibrary portal of the Library Service Centre Baden-Wuerttemberg and to the library providing the item. Your name will not be shared.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

The data in the required fields are necessary to process your registration. If required data are missing, your registration cannot be processed.

Your data stored in the library system are anonymized after a maximum of 90 days after the completion of the interlibrary loan.

3. Application for funding of open access publication fees

a) Description and scope of data processing

When you send us an application for funding of open access publication fees, the data indicated in the form and the time the form is sent are stored, put in an e-mail and transferred to the responsible library staff members to process the inquiry. At the same time, your data are automatically transferred into MADOC and the library system and stored there.

If your article is published with funding provided by the open access publishing fund, the University Library forwards the invoice to Division IV – Finances and Procurement of the University of Mannheim for payment. In addition, the University Library may share your payment information with the publishing house that publishes your article.

Your data are shared with the sponsors of the open access publishing fund for reporting purposes. Moreover, for statistical purposes, the University Library plans to share the sum with which an article was funded, the year of publication, the institution and the DOI of the article with the Open APC Platform.

If your article is funded by the Mannheim Centre for European Social Research (MZES), the University Library transfers your data to the MZES to process the application.

b) Legal basis for data processing

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes. The legal basis for the further processing of personal data for statistical purposes is section 13 subsection 1 of the data protection act of the Land of Baden-Württemberg (Landesdatenschutzgesetz, LDSG).

c) Purpose of data processing

The data in the required fields are necessary to process your application. If required data are missing, your application cannot be processed. In addition, your data are further processed for statistical analyses via the publishing fund.

d) Duration of storage

If your article is published with funding provided by the open access publishing fund, your data will remain stored on MADOC and the library system. Moreover, the University Library lists the published article in the university bibliography on MADOC and marks it as a funded article. The other data will be deleted once the processing has been completed.

If your article is not published with funding provided by the open access publishing fund, your data remain stored in the library system for statistical purposes. The other data will be deleted once the processing has been completed.

4. Registration for courses for non-members of the University of Mannheim

When you register for a course, only your email address will be stored by the time you send it. Your email address will be used to send you a link to the online course.

The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

The specification of the e-mail address is necessary to provide you with the link to the online course. Without providing your email address, your registration cannot be processed.

After the end of the course, your data will be deleted.

IV. MAJOURNALS

MAJOURNALS uses the software Open Journal Systems (OJS) to support researchers at the University of Mannheim in publishing open access journals, open access conference series and in presenting the articles published in these journals or series. On the website, editors, reviewers and authors can register as users of the software in order to submit articles, manage the review process via OJS and publish open access articles.

1. Registration

a) Description and scope of data processing

When you register for MAJOURNALS, your data indicated in the form and the date and time of the registration are stored. When you are registered, your personal settings and the date of your latest login are also stored.

b) Legal basis for data processing

The legal basis for the processing of personal data, once the consent of the user has been obtained, is Article 6 paragraph 1(a) GDPR.

c) Purpose of data processing

The data in the required fields are necessary to set up a personal account. If you register as an author or external reviewer, the purpose of the processing of your personal data is the communication between publishers, authors and reviewers and the publication of the magazine. The purpose of processing the registration date and the date of the latest login is to prevent the misuse of the services or of your data.

d) Duration of storage

Your personal data will be permanently stored until you revoke your consent. You can modify your personal data at any time. You may revoke your consent to your data being processed at any time by sending an e-mail to publikationsdienstemail-uni-mannheim.de. Your account or individual data will then be deleted.

2. Submission, review and publication of articles

When articles are submitted and reviewed, further personal data are generated. The legal basis for the processing is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes. These personal data will be stored permanently.

When your article was published, your personal data will be stored permanently. Metadata of published articles are published and transferred to third parties for the purpose of the DOI registration, for listing in catalogs, for searchability in search engines and for long-term preservation. The legal basis for the processing of personal data is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

V. LinguaPix

The University Library makes the data bank LinguaPix accessible to universities and other educational institutions for non-commercial research, study and teaching purposes.

1. Description and scope of data processing

When you register for LinguaPix, your data indicated in the form and the date and time of the registration are stored.

2. Legal basis for data processing

The legal basis for the processing of personal data, once the consent of the user has been obtained, is Art. 6 paragraph 1(a) GDPR.

3. Purpose of data processing

The data in the required fields are necessary to set up a personal account and to check if you are eligible to use the program. The processing of change information also serves to prevent misuse of the services or your data.

4. Duration of storage

Your personal data will be permanently stored until you revoke your consent. In order to update your personal data, please send an e-mail to forschungsdaten@uni-mannheim.de. You may revoke your consent to your data being processed at any time To do so, please send an e-mail to forschungsdaten@uni-mannheim.de. Your account will then be deleted.

VI. DokuWikis

1. Description and scope of data processing

The Mannheim University Library runs several DokuWikis on its servers, which are used by the library staff as well as by partners. The contents of the wikis are usually only accessible to registered users.

When you register for a wiki account, a name, user name, e-mail address, and password hash value will be stored. When you write or make any other changes on the wiki, your user name, the date and time of the change, the type of change, and your IP address will be stored. Personal data that you or other users post as content on the wiki will also be processed.

2. Legal basis for data processing

The legal basis for data processing within the scope of an existing employment relationship is Article 6 paragraph 1 letter (e) in conjunction with paragraph 3 GDPR in conjunction with section 15 of the data protection act of the Land of Baden-Württemberg (LDSG) in conjunction with sections 83 to 85 of the civil service act of the Land of Baden-Württemberg (LBG).

The legal basis within the scope of the fulfillment of the university’s duties is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

Where the user has given their explicit consent to the processing, the legal basis for the processing of the data is Article 6 paragraph 1 letter (a) GDPR.

3. Purpose of data processing

The specification of name, user name, e-mail address, and password is required to set up a personal account. Change information is stored automatically on the wiki to ensure transparency when editing content together. The processing of change information also serves to prevent misuse of the services or your data.

4. Categories of recipients

Internal recipients are the staff members of the Mannheim University Library who require the data for fulfilling their work duties.

For wikis intended for this purpose, external recipients are partners who are registered as users in the same wiki and to whom the data is displayed as long as they are logged into the wiki.

5. Duration of storage

Your data will only be stored as long as this is required for the purposes specified above. This does not apply if longer storage or retention periods are provided for by mandatory law or are required for enforcing rights (statutory limitation periods). If data are only processed for these purposes, data access is limited to the extent required.

Generally, the following retention periods apply:

Registration data will be deleted upon deletion of your account.

Change information will be stored until the corresponding wiki page is deleted. Your user name that is displayed in the history of wiki pages you have changed will be anonymized when your account is deleted. Other personal data that you or other users post as content to the wiki will remain stored until the respective page is deleted.

You can revoke your consent to your data being processed at any time by sending an e-mail to webmaster.ubmail-uni-mannheim.de. Your account will then be deleted. You can also delete your account yourself. This option is available in the wiki under the link “User profile”.

VII. Comment function on the blog

1. Description and scope of data processing

The University Library uses the blogging software WordPress to publish news from the University Library. You can comment on these posts and enter your name or a pseudonym. After review by the University Library’s team, the comments are published.

When you post a comment, the following data are stored:

  • name or pseudonym
  • e-mail address
  • IP address
  • date and time of access
  • content of the comment

Your e-mail address and IP address will not be published.

2. Legal basis for data processing

The legal basis for the processing of personal data, once the consent of the user has been obtained, is Article 6 paragraph 1(a) GDPR. The legal basis for storing the IP address is Article 6 paragraph 1(f) GDPR.

3. Purpose of data processing

The purpose of processing your data is to prevent the misuse of the services. Besides, it enables us to contact you personally via e-mail.

4. Duration of storage, revocation of consent and deletion of data

You IP address and your e-mail address will be deleted after 30 days at the latest. The other data indicated in the comment will be permanently stored until you revoke your consent. You may revoke your consent to your data being processed at any time by sending an e-mail to info.ubmail-uni-mannheim.de. Your comment will then be deleted.

VIII. Video conferences

This information applies to the video conference services of the Mannheim University Library under the domain bib.uni-mannheim.de:

  • BigBlueButton (BBB)
  • Jitsi
  • Nextcloud Talk.

1. Description and scope of data processing

Mannheim University Library operates video conference services on its own servers.

In the invitation for a video conference, the participants receive a link (URL) or a phone number and a password, if required, for their participation.

During the video conference, the names chosen by the participants will be shown and when participating via phone, the phone number will be shown. During the video conference, the public chat, shared notes and documents are accessible to all participants. Using these features is voluntary. Conferences are not recorded or forwarded to third parties; the video and audio data are only streamed. In order to perform these services, the chat data and the data of shared contents must be stored for the duration of the meeting.

2. Legal basis for data processing

The legal basis for data processing within the scope of an existing employment relationship or within the scope of a selection process to establish an employment relationship with a civil servant/employee/intern is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with section 15 LDSG in conjunction with sections 83 to 86 of the civil service act of the Land of Baden-Württemberg (Landesbeamtengesetz, LBG).

The legal basis within the scope of the fulfillment of the university’s duties is Article 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 LHG in conjunction, if applicable, with the relevant statutes.

The legal basis for the processing of data during the video conference, once the consent of the user has been obtained, is Article 6 paragraph 1 letter(a) GDPR.

3. Purpose of data processing

Data processing is required for holding video conferences.

4. Processed data categories

The data processed depends on the features of the video conference platform’s that are used. In detail:

Login information

If you are registered for the services and logged in and you create, host or participate in a video conference, the video conference system will process your login information and personal settings including the video conferences you created.

If you login as a participant, the name you choose will be processed.

Meta data

Meta data are the name of the room, welcome text and duration of the meeting, start and end (time) of the participation, description of the meeting (optional), chat status, IP addresses of the participants, type of microphone or speaker used, type of connection (if participating via phone: phone number of the participant)

Content data

Chat protocols, shared notes, uploaded presentations, whiteboard content, survey results, status settings of the participants, audio and video data are processed if and to the extent these features are used when participating in a video conference.

5. Categories of recipients

The employees of the University University of Mannheim who require the data for fulfilling their work duties are the internal recipients.

Third parties who participate in the meeting and who you can directly identify as participants may be external recipients.

6. Duration of storage

Your data are only stored as long as this is required for the purposes specified above. This does not apply if longer storage or retention periods are provided for by mandatory law or are required for enforcing rights (statutory limitation periods). If data are only processed for these purposes, data access is limited to the extent required.

Generally, the following retention periods apply.

Login information

If you are logged in as a registered person, your personal data are stored until your registration is deleted.

Otherwise the name you have chosen will be deleted after the meeting has ended.

Meta data

Meta data will be deleted seven days after the meeting has ended. Further storage is possible. In this case the IP addresses and phone numbers of the users will be deleted or alienated so that the accessing client can no longer be identified.

Content data

As a rule, video and audio data will not be recorded. Chat data, shared contents (notes, presentations, whiteboard, survey results, status settings) are stored for the duration of the video conference and deleted after the conference has ended.

IX. Google Plugins

The MADOC online repository uses plugins of Google provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

If you visit a page on our website that uses such a plugin, your browser sets up a direct connection with the Google server. This way, Google receives information that you have visited our website. If you are logged in to your Google+ or Google account, Google can link your visit to our website to your user account. If you do not wish Google to link the data collected via our website to your Google account, please log out of your Google account before visiting our website.

We are not being informed of the kind of data transmitted and their use by Google. Information on the purpose, extent, further processing and use of data collected by Google as well as your rights regarding such processing can be found in the Google Privacy Policy. The University of Mannheim does not assume responsibility for these contents or the privacy policy.

X. Data subject rights

  • You have the right to obtain information about your personal data stored by the University of Mannheim according to Article 15 GDPR and the right to have false data rectified according to Article 16 GDPR.
  • Furthermore, you have the right to erasure (Article 17 GDPR) and the right to restriction of processing (Article 18 GDPR).
  • If you have given consent to data processing, you can withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • If the consent is withdrawn within the scope of a contractual relationship, the fulfillment of the contract may no longer be possible.
  • Furthermore, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not in compliance with data protection regulations (Article 77 GDPR). The supervisory authority responsible is the commissioner for data protection and freedom of information of Baden-Württemberg (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg).

XI. Right to object according to Article 21 GDPR

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Article 6 paragraph 1(e) GDPR (data processing in the public interest) at any time.