Contact details of the responsible body
Responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection regulations for the online offer “Blog” is:
University of Hamburg
Mittelweg 177
20148 Hamburg
Germany
Tel.: +49 40 42838-0
Fax: +49 40 42838-9586
Contact details of the data protection officer of the University of Hamburg
Mittelweg 177
20148 Hamburg
E-mail: datenschutz(at)uni-hamburg.de
Objective and basic information on data processing
This privacy policy explains the nature, scope and purpose of the processing of personal data within our online offering and the websites, functions and content associated with it. The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.
We process personal data of our users only in compliance with the relevant data protection provisions in accordance with the principles of data economy and data avoidance. It follows that the processing of personal data of our users regularly takes place only after the consent of the user. An exception applies in those cases in which the processing of the data is permitted by legal regulations.
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
If content, tools or other means of third-party providers (e.g. YouTube videos) are used within the scope of our online offer and their named registered office is abroad, it is to be assumed that a data transfer to the registered office states of the third-party providers takes place.
Storage period
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Definitions
For the purposes of this Privacy Policy, the term:
“User” means all customers and visitors to our Website, which term shall be understood to be gender-neutral;
- “Website or Online Offer” means, on an overarching basis, the content and functions contained on our Website and connected to the Website;
- “Third-party providers” other providers that are different from us, whose content, tools or other means we use as part of our online offering and whose named registered office may be abroad. For example, video platforms such as YouTube are to be mentioned here.
Hosting
External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
Timme Hosting GmbH & Co. KG
Ovelgönner Weg 43
21335 Lüneburg
Germany
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Data processing
1. Provision of the blog and creation of logfiles
With every call and every use of this blog, data and information are collected. This data and information is stored in log files of the server.
Captured:
- IP address
- Information about the browser type and version used
- Date and time of access
- Internet service provider of the user
- Operating system of the user
- Websites from which the user’s system accesses our website
- Web pages that are called up by the user’s system via our website
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 e GDPR, i.V.m. § 4 HmDSG i.V.m. § 3 und 4 HmbHG..
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website, to optimize the content of the website and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 28 days at the latest. If the data is stored beyond this period, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.
The personal data will also be processed for the following purposes if there is a legal basis for doing so:
- the provision, execution, maintenance, optimization and safeguarding of our services, services and user services;
- ensuring effective customer service and technical support.
2. Use of cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users.
3. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Disclosure of data to third parties
2. Online tools
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.
YouTube with enhanced data protection
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network – regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If applicable, further data processing operations may be triggered after the start of a YouTube video over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=en.
WordFence
We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made to our website and block them if necessary.
The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.
Your rights
You have the following rights:
- the right to information regarding personal data pertaining to you that is stored by us (Article 15 GDPR);
- the right to correction of any incorrect or incomplete personal information (Article 16 GDPR);
- the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Article 17 GDPR);
- the right to limited processing of personal data (Article 18 GDPR);
- Right to data portability (Art. 20 GDPR);
- the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21, GDPR);
- the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR)—this means that the data processing related to that consent will no longer be carried out;
- the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR)
Withdrawal of consent / objection to processing
Please send your withdrawal to:
Jan Frömming, Dept. of International Affairs, Universität Hamburg, Mittelweg 177, 22767 Hamburg, sdg-poster-competition.pv@uni-hamburg.de
Rights as a data subject
You may exercise your rights as a data subject, such as obtaining information on data being stored, by contacting datenschutz@uni-hamburg.de
(Status: 15.03.2022)