..
Suche
Hinweise zum Einsatz der Google Suche
Erweiterte Suche
Personensuchezur unisono Personensuche
Veranstaltungssuchezur unisono Veranstaltungssuche
Katalog plus

Privacy Policy

I. Name and Address of the Controller

The controller in terms of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is the:

University of Siegen
Adolf-Reichwein-Str. 2a
57076 Siegen
Germany
Tel: 0271-740 - 0
E-mail: info@uni-siegen.de
Website: www.uni-siegen.de

II. Contact details for the Data Protection Officer

The data protection officer of the controller can be reached at:

Adolf-Reichwein-Str. 2a
57076 Siegen
Germany
Tel: +49 271 – 740 5147
E-mail: datenschutzbeauftragter@uni-siegen.de

III. General Information on Data Processing

1. Scope of Personal Data Processing

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users only takes place with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1), point (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1), point (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1), point (c) of the GDPR serves as the legal basis.

In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1), point (d) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh this interest, Art. 6(1), point (f) of the GDPR serves as the legal basis for the processing.

3. Data Erasure and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or erased when a retention period prescribed by the above standards expires, unless there is a need to retain the data for the purpose of concluding or fulfilling a contract.

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Whenever our website is called up, our system automatically collects data and information from the computer system of the computer accessing it.

The following data are collected in this process:

  1. Information concerning the browser type and version used
  2. The user’s operating system
  3. The user’s Internet Service Provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system accesses our website
  7. Websites which are accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal Basis for the Data Processing

The legal basis for the temporary storage of data and the log files is point (f) of Art. 6(1) of the GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.


These purposes are also part of our legitimate interest in data processing in accordance with Art. 6(1), point (f) of the GDPR.

4. Duration of Storage

The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

In the case of data storage in log files, this is the case after 14 days at the latest. A storage beyond this is possible. In this case, the IP addresses of the users are erased or masked so that an assignment to the accessing client is no longer possible.

5. Possibility of Objection and Removal

The collection of data for the provision of the website and the storage of the data in log files is required for the operation of the website. There is therefore no possibility of objection on the part of the user.

V. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are saved by and stored in the Internet browser on the user's computer system. If a user calls up a website, a cookie may be saved on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser be identifiable even after a page change.

2. Legal Basis for the Data Processing

The legal basis for the processing of personal data using cookies is Art. 6(1), point (f) of the GDPR.

3. Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser will be identifiable even after a page change.

The user data collected through technically necessary cookies is not used to create user profiles.

These purposes are also part of our legitimate interest in the processing of personal data in accordance with Art. 6(1), point (f) of the GDPR.

4. Duration of Storage, Possibility of Objection and Removal

Cookies are stored on the user's computer and transmitted by the user to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies existing on your computer may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website would be available to their full extent.

VI. Newsletter

1. Description and Scope of Data Processing

Our website offers the possibility to subscribe to a free newsletter. When subscribing for the newsletter, the data from the input mask is transmitted to us.

In addition, the following data is collected during registration:

  1. IP address of the accessing computer
  2. Date and time of registration

Your consent to the processing of the data is obtained and you are referred to this privacy policy during the registration process.

The data obtained in the registration process will not be forwarded to third parties in the context of the dispatch of the newsletter. The data are used exclusively for the purpose of sending the newsletter.

2. Legal Basis for the Data Processing

If the user has given their consent to the processing, the legal basis for the processing of data after subscription to the newsletter by the user is point (a) of Article 6(1) of the GDPR.

3. Purpose of Data Processing

The collection of the user's e-mail address for sending the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of Storage

The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process are usually erased after a period of seven days.

5. Possibility of Objection and Removal

The subscription to the newsletter can be cancelled by the user concerned at any time. A corresponding link for this purpose is included in every newsletter.

This also enables the revocation of the consent to store personal data collected during the registration process.

VII. Contact Form and Contact by E-Mail

1. Description and Scope of Data Processing

There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data entered on the input screen is transmitted to us and saved in our system. These data include:

  1. Last name
  2. First name
  3. E-mail address

The following data are also stored when the message is sent:

  1. The user’s IP address
  2. Date and time when the data were sent
  3. The address of the page from which the contact was initiated

Your consent to the processing of the data is obtained and you are referred to this Privacy Policy during the sending process.

Alternatively, you can contact us using the e-mail address provided. In this case, the user’s personal data communicated with the e-mail are saved and stored.

Data are not disclosed to third parties in this context. The data are used exclusively for the purpose of processing the conversation.

2. Legal Basis for the Data Processing

The legal basis for the processing of the data is Art. 6(1), point (a) of the GDPR if the user has given their consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1), point (f) of the GDPR. If the purpose of contacting us by e-mail is to conclude a contract, an additional legal basis for processing is point (b) of Art. 6(1) of the GDPR.

3. Purpose of Data Processing

The processing of data obtained from the input screen is only for the purpose of process the communication with the data subject. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of Storage

The data are erased once they are no longer needed in order to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed terminated once it becomes clear from the circumstances that the relevant issue has been conclusively resolved.

The additional personal data collected during the sending process will be erased after a period of seven days at the latest.

5. Possibility of Objection and Removal

The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot continue.

All personal data stored in the course of contact will be erased in this case.

VIII. Integration of Third-Party Services

1. Web Analytics by Matomo (formerly PIWIK)

a) Scope of Personal Data Processing

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (see above for cookies). The following data are saved when individual pages of our website are called up:

  1. Two bytes of the IP address of the accessing system of the user
  2. The accessed website
  3. The website from which the user has reached the accessed website (referrer)
  4. The subpages that are called up from the access web page
  5. The time spent on the website
  6. The frequency of visiting the website

The software runs exclusively on the servers of our website. The personal data of the users is stored only there. The data will not be passed on to third parties.

The software is set up in such a way that the IP addresses are not saved in their complete form, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the accessing computer.

b) Legal Basis for the Processing of Personal Data

The legal basis for the processing of the personal data of the user is point (f) of Art. 6(1) of the GDPR.

c) Purpose of Data Processing

The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes are also part of our legitimate interest in processing the data in accordance with Art. 6(1), point (f) of the GDPR. By anonymising the IP address, the interest of the users in the protection of their personal data is sufficiently taken into account.

d) Duration of Storage

The data are erased as soon as they are no longer required for our recording purposes.
In our case this is the case after 90 days.

e) Possibility of Objection and Removal

Cookies are stored on the user's computer and transmitted by the user to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies existing on your computer may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website would be available to their full extent.
We offer our users on our website the possibility of an opt-out from the analysis procedure. To do this, you must follow the corresponding link. This saves another cookie on your system, which signals our system not to save your data. If the user deletes the corresponding cookie from their system, they must set the opt-out cookie again.

For more information about the privacy settings of the Matomo software, please follow this link: https://matomo.org/docs/privacy/.

2. Use of Google CSE

The internet offer of the University of Siegen uses the "Google Custom Search Engine ("Google CSE") as a central search service as soon as it is activated by the user with a click. The integrated search service allows a full-text search for contents of the official internet presence of the University of Siegen. Access to this search function is possible via a search box embedded in the web pages.

a) Activating the Search Function

By clicking on the Google CSE usage information button, the user activates the search function and the search box is unlocked. By entering a search term in the search box, the search is activated and the data entered is passed on to Google. The search results are loaded using a plugin provided by Google.

b) Search Results Page

The plugin developed and provided by Google (Google Custom Search Engine "Google CSE") is integrated into the search results page as a software module "as-is" (unchanged) by the operator of the official website of the University of Siegen. The plugin enables an automated communication (data exchange) between the accessed page and the Google service when the search is activated. The use of the search function provided by Google involves a dynamic transfer of data by the service provider Google to the search results page.

c) Data Protection

As a matter of principle, no data is transmitted to the provider of the search service (Google) when official web pages of the University of Siegen are accessed. Data is only transferred to Google after the user has activated the search box. By activating and using the search function within the site, user data is simultaneously transferred to Google.

By activating and using the full text search, you agree to the use of the Google search service and thus also to the transfer of data to the Google service. This includes, for example, the search terms you entered and the IP address of the computer you are using. Please note that Google has different data protection standards than the University of Siegen's website. We expressly point out that the processing, in particular the storage, erasure and use of possibly transferred personal data is the responsibility of the provider of the search service and that the operator of the University of Siegen's website has no influence over the type and scope of the transferred data or their further processing.

If you are logged in at Google at the same time, the Google service is able to assign the information directly to your user profile.

Further information from Google about the handling of user data (privacy policy) is available at: https://policies.google.com/privacy?hl=en

3. YouTube

Within our online offer, functions and contents of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be integrated. Privacy policy: https://policies.google.com/privacy?hl=en-GB, opt-out: https://adssettings.google.com/authenticated.

4. Google Fonts

Within our online offer, fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be integrated. Privacy policy: https://policies.google.com/privacy?hl=en-GB, opt-out: https://adssettings.google.com/authenticated.

5. Adition AdServer

Our website uses the AdServer Adition as a technical solution for the delivery of advertising in cooperation with VariFast GmbH, Bucher Straße 43, 90419 Nuremberg, Germany.

Adition is provided by Adition Technologies GmbH, Oststraße 55, 40211 Düsseldorf, Germany.

The AdServer is used to deliver advertising on the Internet and to manage the delivery of advertising. Adition uses cookies when you visit our website. Adition does not save or store any personal data. All information is of a technical nature and makes it possible, for example, to control the frequency of the display of an advertisement. The saving of cookies can be prevented by the user via the settings of the Internet browser used. There you can also delete already existing cookies.

You can also object to the processing of cookies for advertising purposes by clicking on the following link:

This sets a so-called opt-out cookie on your computer. This cookie prevents a cookie with an advertising ID from being saved in your browser or you being assigned to other advertising categories. An already existing ID of the operator is erased. This also means that the operator's customers can no longer assign you their own ID or advertising categories. Of course, the opt-out cookie requires that you do not prevent the saving of cookies through your Internet browser settings or delete the cookie. If you delete the opt-out cookie, you would need to complete this objection procedure again. If an opt-out cookie is set in your browser, you can also undo this by clicking the following link:

You can also use the preference management of the EDAA, which you can access via the following link:

In addition, the operator will consider it an objection to data processing for advertising purposes if you set the Do-Not-Track-option in your browser settings. If you prevent the use of a mobile identifier in the settings of your mobile device (smartphone/tablet), it will no longer be used for advertising delivery via the app(s) of the respective device. However, the setting does not affect cookies stored in the browser of the same device. An objection to the processing of such cookies would therefore have to be declared separately (e.g. using the preference management linked above via the device's browser).

All data protection regulations of Adition technologies AG can be found under

https://www.adition.com/datenschutz/

IX. Rights of the Data Subject

The following list includes all rights of the data subjects according to the GDPR. Rights that are not relevant for our website do not have to be mentioned, for which reason the list may be shortened.
If your personal data is processed, you are the data subject” within the meaning of the GDPR and you have the following rights in relation to us as the controller:

1. Right of Access

You can request from the controller confirmation of whether personal data concerning you is processed.

In the event of such processing, you may request access to the following information from the data controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage;
  5. the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.

You have the right to request access to information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.

2. Right to rectification

You have the right to ask the data controller to rectify and/or complete the data if the personal data processed concerning you are inaccurate or incomplete. The controller shall effect the rectification without delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you are opposed to the erasure of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  4. if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of the personal data in question has been restricted, these data – with the exception of their storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest for the Union or a member state.
If the processing has been restricted in accordance with the above requirements you will be notified by the controller before the restriction is lifted.

4. Right to Erasure

a) Duty to Erase

You may request the controller to erase personal data concerning you without delay and the controller is obliged to erase such data without delay if one of the following reasons applies:

  1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. you revoke your consent on which the processing was based pursuant to Art. 6(1), point (a) or Art. 9(2), point (a) of the GDPR, and there is no other legal basis for the processing.
  3. you object to the processing pursuant to Art. 21(1) of the GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
  4. the personal data concerning you have been processed unlawfully.
  5. the erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the member states to which the controller is subject.
  6. The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8(1) of the GDPR.

b) Information to Third Parties

If the controller has made public the personal data concerning you and is obliged to erase them pursuant to Art. 17(1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures to inform data controllers which are processing the personal data that you, as a data subject, have requested the erasure of all links to these personal data or copies or replications of these personal data.

c) Exceptions

The right of erasure does not exist insofar as the processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. in order to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9(2), points (h) and (i) and Art. 9(3) of the GDPR;
  4. for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to Be Informed

If you have asserted the right to rectify, erase or restrict the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients.

6. Right to Data Portability

You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom the personal data have been made available, provided that

  1. the processing is based on a consent pursuant to Art. 6(1), point (a) of the GDPR or Art. 9(2), point (a) of the GDPR or on a contract pursuant to Art. 6(1), point (b) of the GDPR and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby.
The right to data portability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

On grounds relating to your particular situation, you have the right to object to the processing of your personal data which occurs on the basis of points (e) or (f) of Art. 6(1) of the GDPR at any time; this also applies for profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

8. Right to Withdraw a Declaration of Consent under Data Protection Law

You have the right to withdraw a declaration of consent at any time. Withdrawal of consent does not affect the legality of the processing which has been carried out on the basis of the consent before it was withdrawn.

9. Automated Individual Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

  1. is necessary for the conclusion or fulfilment of a contract between you and the controller,
  2. is authorised by Union or national legislation to which the controller is subject and there are legal provisions in place providing for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is based on your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2), point (a) or (g) of the GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases described under (1) and (3), the controller shall take suitable measures to safeguard your rights and freedoms as well as your legitimate interests, which at least entails the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state in which you are resident, the member state in which you work or in the place of the alleged infringement if you consider that the processing of personal data concerning you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.

Aktualisiert via XIMS am 25.8.2020 von Gabriel Klein
 
Suche
Hinweise zum Einsatz der Google Suche