The following information will provide you with an overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration that we have included below.
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws in the member states and other legal provisions related to data protection is:
Universität Duisburg-Essen (UDE)
Essen Campus:
Universitätsstraße 2
45141 Essen, Germany
Phone.: +49 201 183 – 0
Fax: +49 201 183 – 3536
Website: www.uni-due.de
UDE is represented by its Rector:
Prof. Dr. Barbara Albert
E-mail: rektorin@uni-due.de
Campus Duisburg
Phone: +49 203 37 9-2465
Campus Essen
Phone: +49 201 18 3-2000
Website: www.uni-due.de/de/rektorat/rektorin.php
The controller’s Data Protection Officer is:
Dr. Kai-Uwe Loser
(Data Protection Officer of Universität Duisburg-Essen)
Forsthausweg 2
47057 Duisburg
Phone: +49 234 32 28720
E-mail: kai-uwe.loser@uni-due.de
Website: www.uni-due.de/verwaltung/datenschutz
We generally process personal data of our users only to the extent that this is necessary to ensure the functioning of our websites and to provide our contents and services. As a rule, the processing of personal data of our users will always be subject to their prior consent. An exemption applies where it is not possible to obtain prior consent for factual reasons and the data processing is permitted by law.
Where we obtain the data subject’s consent to the processing of personal data, the legal basis is provided by Art. 6 (1) (a) General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is provided by Art. 6 (1) (b) GDPR. This also applies to any processing required in order to take steps prior to entering into a contract.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is provided by Art. 6 (1) (c) GDPR.
Where the vital interest of the data subject or another person requires the processing of personal data, the legal basis is provided by Art. 6 (1) (d) GDPR.
Where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, the legal basis for the processing is provided by Art. 6 (1) (e) GDPR.
We will erase or block the personal data of a data subject as soon as the specific purpose of retention ceases to exist. A further retention may happen where this is required by European or national lawmakers in EU regulations, national laws or other provisions applying to the data controller. We will also block or erase the data upon expiry of a legal retention period stipulated in any of the rules referred to above, unless it is still necessary to retain the data for concluding or performing a contract.
We are hosting the content of our website at the following provider: Mittwald. The provider is the Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany (hereinafter referred to as Mittwald). For details, please view the data privacy policy of Mittwald: www.mittwald.de/datenschutz.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
2. Legal basis for data processing
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser. Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services). Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes. Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be revoked at any time. You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website: usercentrics.com (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data will be transferred to Usercentrics:
Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR
Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6(1)(c) GDPR.
The purpose of using technically necessary cookies is to make it easier for users to navigate the websites. Some functions of our websites cannot be offered without these cookies. They require that the browser is recognised after a page change. User data collected by technically necessary cookies will not be used for the creation of user profiles.
On our websites you have the opportunity to subscribe to the free College Newsletter and to the College’s press mailing list.
When you register for these services, the information from the input screen is transmitted to us. Specifically, this refers to your email address, name (optional), institution (optional) and location (optional).
In the course of the registration process, you are requested to consent to the processing of your data.
This website uses Brevo for the sending of newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo services can, among other things, be used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on servers of Sendinblue GmbH in Germany.
Data analysis by Brevo
Brevo enables us to analyse our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine which links drew an extraordinary number of clicks.
Moreover, we are also able to see whether, once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate).
Brevo also enables us to divide the subscribers to our newsletter into various categories This enables us to tailor our newsletter more effectively to the needs of the respective target groups.
If you do not want to permit an analysis by Brevo, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
For detailed information on the functions of Brevo please follow this link: https://www.brevo.com/de/newsletter-software.
The legal basis for processing data after a user has registered for the newsletter is Art. 6 (1) (a) GDPR provided that the user has given consent.
The email address of the user is collected and used to be able to send the newsletter. The collection of other personal data in the context of the registration is meant to prevent an abuse of the service and/or of the email address used.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Regulations of Brevo at: www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.
We use contact and other input forms on our websites. Where a user selects this option, the data entered into the corresponding input mask are submitted to us and stored by us, for example:
At the time of delivery, we also store the following data:
Consent to data processing is obtained in the context of the submission process, while reference is made to this privacy policy.
Of course, contact can also be made via the displayed email addresses. In these cases, we will store the user’s personal data submitted with the email.
We do not disclose any data to third parties in this context. The use of the data is only for processing the corresponding conversation.
The legal basis for processing data is provided by Art. 6 (1) (a) GDPR where the user has given consent.
The legal basis for processing data submitted by sending an email is provided by Art. 6 (1) (e) GDPR. Where the email communication is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
Personal data from the input mask are only processed for the purpose of processing the communication. In the case of communication via email, this will also constitute the required legitimate interest for data processing.
All other personal data processed during the submission process serve the purpose of avoiding misuse of our contact form and ensuring the safety of our IT systems.
We will delete the data as soon as they are no longer necessary in relation to the purposes for which they were collected.
Users have the right to withdraw consent to the processing of their personal data at any time. Where users contact us per email, they may object to the storage of their personal data at any time. The conversation cannot be continued under these circumstances.
In such a case all personal data stored in the course of the communication will be deleted.
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Analysis without cookies
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
2. Legal basis for data processing
The legal basis for the processing of the users’ personal data is provided by Art. 6 (1) (e) GDPR.
3. Purpose of data processing
The processing of our users’ personal data gives us the opportunity to analyse their browsing patterns. By analysing the collected data we are able to understand how individual components of our websites are used. This helps us continuously improve our websites and their user-friendliness. These purposes constitute our legitimate interest in the data processing under Art. 6 (1) (e) GDPR. By anonymising the IP addresses the users’ interest in the protection of their personal data is sufficiently taken into account.
4. Retention period
Matomo only saves data in an anonymised way and for statistical purposes. A person-related analysis is not possible.
Our website services include links to our social media channels hosted with the following providers:
For accessing these channels, it is necessary that the user’s IP address becomes visible to the providers, because without the IP address no content can be delivered to the browser of the specific user. This means that the IP address is necessary for displaying these contents. We cannot influence whether and how third-party providers save and use IP addresses.
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application. For more information on Google Fonts, please follow this link: developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: policies.google.com/privacy.
This website uses Font Awesome to ensure the uniform use of fonts on this site. Font Awesome is locally installed so that a connection to Fonticons, Inc.’s servers will not be established in conjunction with this application. For more information on Font Awesome, please and consult the Data Privacy Declaration for Font Awesome under: fontawesome.com/privacy.
We are using the mapping service provided by OpenStreetMap (OSM). We embed the map data from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap-Foundation. In the process and among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OpenStreetMap may store cookies in your browser or use similar recognition technologies for this purpose.
We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website. This establishes legitimate grounds as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Where we process your personal data, you are a data subject within the meaning of the GDPR and have the following rights with regard to the controller:
You may obtain from the controller confirmation as to whether or not we process any personal data concerning you.
Where this is the case, you may request the controller to provide you with the following information:
You have the right to obtain information whether the personal data concerning you are disclosed to third countries or international organisations. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR with regard to the transfer.
This right to access may be limited in so far as it is likely to render impossible or seriously impair the achievement of specific research or statistical purposes, and where such a limitation is necessary for the fulfilment of those purposes.
You have a right to obtain from the controller the rectification and/or completion, where the processed personal data concerning you are inaccurate or incomplete. The controller must undertake the rectification without delay.
Your right to rectification may be limited in so far as it is likely to render impossible or seriously impair the achievement of specific research or statistical purposes, and where such a limitation is necessary for the fulfilment of those purposes.
Under the following conditions you may demand a restriction of the processing of personal data concerning you:
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where restriction of processing has been obtained under the conditions above, you will be informed by the controller before the restriction of processing is lifted.
Your right to restriction of processing may be limited in so far as it is likely to render impossible or seriously impair the achievement of specific research or statistical purposes, and where such a limitation is necessary for the fulfilment of those purposes.
(a) Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(b) Information to third parties
Where the controller has made public the personal data concerning you and is obliged pursuant to Art. 17 (1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(c) Exceptions
The right to erasure does not exist to the extent that processing is necessary:
Where you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to communicate any rectification or erasure of personal data concerning you or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients by the controllers.
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others may not be affected adversely hereby.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 (1) (e) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purposes of establishing, exercising or defending legal claims.
Where personal data concerning you are processed for direct marketing purposes,
you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you are no longer processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You also have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, where these are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR.
Your right to object may be limited in so far as it is likely to render impossible or seriously impair the achievement of specific research or statistical purposes, and where such a limitation is necessary for the fulfilment of those purposes.
You have the right to withdraw consent given under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) above, the data controller implements suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.