Privacy Notice
I. Scope
The following privacy information applies only to the websites operated under the responsi-bility of Otto von Guericke University Magdeburg.
You can find privacy information about ChatBot, which is used on some pages, here.
II. Name and Address of the Data Controller
The data controller pursuant to the General Data Protection Regulation (DSGVO) and other national data protection laws of the Member States plus other legal data protection regula-tions is:
Otto von Guericke University Magdeburg (OVGU)
represented by the President
Postal address: Universitätsplatz 2, D-39106 Magdeburg, Germany
Tel.: +49 (0)391 6701
email:
III. Data Protection Officer Contact Details
Postal address:
Otto von Guericke University Magdeburg
Data Protection Officer
Universitätsplatz 2, D-39106 Magdeburg, Germany
Tel.: +49 (0)391 675 2499
email:
IV. General Information on Data Processing
1. Extent of the Processing of Personal Data
In principle we only use the personal data of our users to the extent necessary to deliver a functioning website and provide our content and services. Routinely, the personal data of our users are only processed with the approval of the user. An exception applies in cases where it is not possible for practical reasons to obtain consent in advance and the pro-cessing of the data is permitted by law.
2. General Legal Basis for the Processing of Personal Data
In connection with the research and teaching activities of OVGU, data are predominantly processed on the legal basis of the university’s statutory obligations (article 6, paragraph 1, sentence 1, letter c) of the GDPR) and in the exercise of public interests (article 6, paragraph 1, sentence 1, letter e) of the GDPR) in the sense of the fulfillment of its duties as a state university and public corporation in accordance with the applicable Higher Education Act of the state of Saxony-Anhalt (HSG LSA). Different or supplementary legal bases are indicated in the relevant descriptions of the individual data processing operations. Insofar as we ob-tain the consent of the data subject for the processing of their personal data, article 6, para-graph 1, letter a) of the GDPR forms the legal basis.
This means, that if you are asked for your consent and, for example, you consent to the use of cookies, the legal basis for the processing of your data is the consent given. If your con-sent is not requested, then the data processed with the help of cookies are used to fulfill the duties of OVGU (e.g. to facilitate reliable operation of and improve the online offer).
3. Data Erasure and Duration of Storage
The personal data of the data subject will be erased or made unavailable as soon as the reason for storage no longer applies. Moreover, they may be stored if this is provided for by the European or national legislator under the Union regulations, laws or other mechanisms to which the controller is subject. The data shall also be made unavailable or erased when a storage period prescribed by the standards mentioned elapses, unless there is a require-ment to continue to store the data in order to enter into a contract, or for the performance of a contract.
V. Data Protection Regulations for the Use and Application of Social Media
Links to various social media platforms, e.g. Facebook, Twitter, Instagram are integrated in the websites.
On the central OVGU web pages, these links are exclusively links to the relevant OVGU presence on the corresponding platform. Therefore, no data to which privacy regulations apply are saved or processed by OVGU.
VI. Provision of the Website and Creation of Log Files
1. Description and Extent of Data Processing
Each time our website is called up, our system automatically records data and information from the computer system of the calling computer. The following data are collected in the process:
- information on the browser type and the version being used
- operating system of the user
- Internet Service Provider of the user
- IP address of the user
- date and time of access
The data are also stored in the log files in our system. This data is not stored with other personal data pertaining to the user.
2. Legal Basis
The legal basis for the temporary storage of data and log files is the fact of it being neces-sary to do so for the performance of a public duty pursuant to article 6, para. 1, letter e) of the GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the computer of the user. To this end, the IP address of the user must be stored for the duration of the session.
It is stored in log files in order to ensure the proper functioning of the website. In addition, this data helps us to optimize the website and safeguard the security of our IT systems. The data are not evaluated for marketing purposes in this connection.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. If the data were recorded to make the website available to the user, this is the case when the relevant session comes to an end. With regard to the storage of data in log files, they will be erased at the latest after seven days.
It is possible that the data may be stored beyond this period. In this case, the IP addresses of the users will be erased or anonymized so that it is no longer possible to relate them to the calling clients.
5. Possibility of Objection and Elimination
Recording the data in order to provide the website and storing the data in log files is essen-tial for the operation of the website. As a consequence, it is not possible for the user to ob-ject to this.
VII. Use of Cookies
1. Description and Extent of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If a user calls up a website, then a cookie can be stored on the operating system of the user. This cookie contains a distinctive string of characters that enable the browser to be clearly identified when the website is called up again. We use cookies that are necessary for the functionality of the website.
When using our website, generally speaking there is no use of cookies for the recording / collation of statistics concerning the website user.
If the user gives consent via the displayed consent message for the storage of cookies that are used for analytical purposes for a minimal-data analysis of anonymized user behavior when visiting pages and interacting with the website, these are occasionally used to recog-nize sessions over short periods of time.
We use the “Matomo” program as analysis software for logging use behavior. The metrics are only processed and stored on the basis of previously modified raw data and are only used here to adapt content in a more targeted way to user groups. Moreover, the data that are collected are not passed on to third parties and this data is only processed within the university. There is no long-term storage of personal content. If consent is given for user tracking, occasionally a temporary, anonymized user profile is created.
2. Legal Basis
Provided that consent has been obtained from the user, the legal basis for the processing of personal data using cookies for analysis purposes is article 6, paragraph 1, letter a) of the GDPR or, in the case of the use of technically necessary cookies, article 6, paragraph 1, letter e) of the GDPR.
3. Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for us-ers. No user data are collected by cookies that are required for technical purposes.
4. Duration of Storage, Possibility of Objection and Elimination
Cookies are stored on the computer of the user and transmitted to our site by it. For this reason, you as the user also have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatical-ly.
If cookies for our website are deactivated, it may no longer be possible to use all of the functions of the website in full.
VIII. Newsletter
1. Description and Extent of Data Processing
On some of our websites it is possible to subscribe voluntarily to a free newsletter. In the process, when subscribing to the newsletter the data from the input screen are transmitted to us. In connection with the processing of data for the sending of newsletters, no data is forwarded to third parties; they are solely used for sending the newsletters.
2. Legal Basis
In the event that the consent of the user has been obtained, the legal basis for the pro-cessing of data following subscription to a newsletter by the user is article 6, paragraph 1, letter a) of the GDPR.
3. Purpose of Data Processing
The e-mail address of the user is only collected in order to deliver the newsletter. More de-tailed information is available on the relevant websites.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. Accordingly, the email address of the user will only be stored for as long as the subscription to the newsletter is active.
5. Possibility of Objection and Elimination
A newsletter subscription can be ended at any time by the data subject. There is a link in every newsletter for this purpose. Consent to store the personal data collected during the registration process will be revoked at the same time.
IX. Registration
1. Description and Extent of Data Processing
On some websites we offer users the possibility of registering by providing their personal data. The data are entered into an input screen, transmitted to us and stored. The data will not be passed on to third parties. As part of the registration process the consent of the user will be obtained for the processing of this data.
As part of the registration process the consent of the user will be obtained for the pro-cessing of this data.
2. Legal Basis
In the event of consent being obtained from the user, the legal basis for the processing of data is article 6, paragraph 1, letter a) of the GDPR. Where registration is required, the legal basis for the processing of data is the performance of duties as set out in the HSG LSA and this is therefore done in the public interest (article 6, paragraph 1, sentence 1, letter e) of the GDPR).
3. Purpose of Data Processing
Users are required to register in order to access certain content and information on our website. More detailed information, especially on the applicable legal basis is available on the relevant pages.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our website is canceled or amended.
5. Possibility of Objection and Elimination
If the processing of data is consent-based, then as a user, you may at any time revoke your registration, usually by email.
X. Contact Form and email Contact
1. Description and Extent of Data Processing
On some of our web pages there are contact forms that can be used to make contact elec-tronically. If a user utilizes this possibility, then the data entered into the input screen are transmitted to us and stored. More detailed information is available on the relevant pages. As part of the dispatching process, your consent will be obtained for the processing of your data and reference will be made to this privacy policy.
Alternatively it is possible to make contact using the email address provided. In this case, the personal user data transmitted with the email will be stored. In this connection, no data are passed on to third parties; they are solely used for processing the conversation.
2. Legal Basis
Provided the user has given consent, the legal basis for the processing of data is article 6, paragraph 1, letter a) of the GDPR or for data that are transmitted in the course of sending an email, article 6, paragraph 1, letter e) of the GDPR.
3. Purpose of Data Processing
The data from the input form is only processed for the purpose of facilitating contact or re-sponding to the inquiry/message on the part of OVGU.
The other personal data processed during the dispatching process are used to prevent mis-use of the contact form and to ensure the security of our IT systems.
4. Duration of Storage
The data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. For the personal data from the input screen in the contact form and those that are sent by email, this is the case when the respective conversation with the user comes to an end. The conversation is deemed to have ended when the circum-stances would lead one to infer that the matter at hand has been fully dealt with.
The additional personal data collected during the dispatching process will be erased at the latest after a period of seven days.
5. Possibility of Objection and Elimination
The user may revoke his or her consent to the processing of his or her personal data at any time. If the user makes contact with us by email, then he or she may object to the storage of his or her personal data at any time. In such cases, the conversation will not be continued.
All personal data stored in the course of the contact will be erased in this case.
XI. Web Analysis by Matomo (Formerly PIWIK)
1. Extent of the Processing of Personal Data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the computer of the user (see above regarding cookies). If individual pages are accessed, the following data are saved:
- two bytes of the IP address of the calling system of the user
- the website called
- website from which the user accessed the called website (referrer)
- subpages that are accessed from the called website
- time spent on the website
- frequency with which the website is accessed
To do this, the software runs solely on the servers of our website. The personal data of the users are only stored there; no data are passed to third parties.
2. Legal Basis
The legal basis for the processing of user data is article 6, paragraph 1, letter e) of the GDPR (fulfillment and improvement of the tasks of OVGU regarding participation and knowledge transfer in the context of effective publicity work).
3. Purpose of Data Processing
The processing of the personal data of a user enables us to analyze the surfing behavior of our users/visitors on the websites. By evaluating the data obtained we are in a position to collate information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Anonymizing the IP address en-ables sufficient account to be taken of the interest of the user and the protection of their personal data.
4. Duration of Storage
The data are deleted as soon as they are no longer required for collating purposes.
5. Possibility of Objection and Elimination
Cf. in this respect the information on cookies in section VII.4. More detailed information on the privacy settings of the Matomo software program can be found by clicking the following link.
XII. Rights of the Data Subject
If your personal data are processed, you are the data subject as defined by the GDPR and you have the following rights vis à vis OVGU as the data controller:
1. Right of Information
You may request confirmation regarding whether or not your personal data have been pro-cessed by us. If your data have been processed, you may request information about the fol-lowing:
- purposes for which the personal data were processed;
- categories of personal data that have been processed;
- recipients and/or categories of recipients to whom your personal data have been or are still being disclosed;
- planned duration of storage of your personal data or, if specific information is not available on this, criteria for determining the duration of storage;
- existence of a right to correction or erasure of your personal data, a right to restrict the processing by the data controller or a right of objection to this processing;
- existence of the right to lodge a complaint to a supervisory authority;
- all available information on the origin of the data, if the personal data was not col-lected from the data subject;
- existence of automated decision-making including profiling as per article 22, para-graphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the consequences and intended effects of this kind of pro-cessing for the data subject.
You also have the right to request information about whether or not your personal data have been transmitted to a third country or to an international organization. In this connection you may ask to be informed of the appropriate safeguards in accordance with article 46 of the GDPR in connection with their transmission.
2. Right to Rectification
You have the right to rectification and/or completion if the personal data concerning you that have been processed are incorrect or incomplete. OVGU must rectify the data immedi-ately.
3. Right to Restriction of Processing
You may request the processing of personal data concerning you to be restricted if:
- you contest the accuracy of the personal data about you for a length of time that en-ables the controller to verify the accuracy of the personal data;
- the processing is unlawful, and you decline the erasure of the personal data and re-quest that their use be restricted instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
- you have objected to processing pursuant to article 21, paragraph 1 of the GDPR pending a determination as to whether the legitimate grounds of the controller over-ride your own.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, ex-ercise or defense of legal claims or for the protection of the rights of another natural or le-gal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to Erasure
a) Duty to erase
You may request the immediate erasure of the data concerning you, and OVGU, as the data controller, shall be obliged to erase the data without delay, if one of the following reasons applies:
- The personal data concerning you are no longer required for the purposes for which they were collected or processed in any other way.
- You revoke your consent upon which the processing was based pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) of the GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing in accordance with article 21, paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with article 21, paragraph 2 of the GDPR.
- The personal data concerning you were processed unlawfully.
- The erasure of your personal data is required in order to fulfill a legal obligation un-der Union law or the law of the Member States to which the controller is subject.
- Your personal data were collected in relation to the use of information society services in accordance with article 8, paragraph 1 of the GDPR.
b) Information to third parties
If the data controller has published your personal data and if it is obliged to erase them in accordance with article 17, paragraph 1 of the GDPR, then it shall take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, to inform those responsible for processing the personal data that you, as the data subject, have required them to erase all links to this personal data or copies or replications of this personal data.
c) Exceptions
There is no right to erasure insofar as the processing is required
- for exercising the right of freedom of expression and information;
- in order to fulfill a legal obligation that requires the processing under Union or Mem-ber State law to which the data controller is subject, or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health as stipulated by article 9, paragraph 2 letters h) and i) as ) well as article 9, paragraph 3 of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89 paragraph 1 of the GDPR, in-sofar as the right referred to in letter a) is likely to render impossible or seriously im-pair the achievement of the objectives of that processing, or
- for the establishment, exercise or defense of legal claims.
5. Right to Information
If you have exercised your right to information, erasure or restriction of processing vis à vis the data controller, then the controller shall be obliged to notify all recipients to whom your personal data were disclosed of this rectification or erasure of data or restriction of pro-cessing, unless this should prove impossible or would involve disproportionate effort.
You have the right, vis à vis the data controller, to be notified of these recipients.
6. Right to Data Portability
You have the right to obtain the personal data that you provided to the data controller in a structured, commonly used and machine-readable format. Furthermore, you are entitled to transmit these data to another data controller without hindrance from the controller to which the personal data were provided, where
- the processing is based on consent pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) of the GDPR and
- the processing is carried out by automated means.
Furthermore, in exercising this right, you are entitled to have your personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of Objection
You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on article 6, paragraph 1, letter e) of the GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated methods where technical specifications are used.
8. Right to Revoke the Data Protection Declaration of Consent
You have the right, at any time, to revoke your data protection declaration of consent. The legality of the processing undertaken on the basis of the consent provided up until the time of revocation shall be unaffected by the revocation of consent.
9. Automated Individual Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- is necessary for entering into, or performance of, a contract between you and the data controller,
- is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in article 9, paragraph 1 of the GDPR, unless article 9, paragraph 2 letters a) or g) of the GDPR apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall at least include the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the pro-cessing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the com-plainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to article 78 of the GDPR.