Privacy statement
Contact Details
Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity (“Controller”) is:
University of Hamburg represented by the president
Mittelweg 177
20148 Hamburg
praesident"AT"uni-hamburg.de
The University of Hamburg is a corporation under German public law, represented by Univ.-Prof. Dr. Hauke Heekeren, president of the University of Hamburg, Mittelweg 177, 20148 Hamburg.
University of Hamburg Data Protection Officer contact details:
University of Hamburg Data Protection Officer
Mittelweg 177, 20148 Hamburg
datenschutz"AT"uni-hamburg.de
A. Data processing
1. Accessing this website and creation of log files
information are collected every time this website is accessed or used. These data and information are stored in log files on the server and can include:
- IP address
- browser type / browser version
- date and time the website was accessed
- user Internet service provider
- user operating system
- referring website
- websites accessed by the User’s system through our website
The temporary storage of data and log files is lawful pursuant to Article 6 (1) lit. f General Data Protection Regulation (Datenschutz-Grundverordnung—DSGVO)
The IP address is temporarily stored in the system as it is necessary to provide website access to the User’s computer. The IP address is retained while that website is being accessed.
These log files are stored to ensure website functionality, optimize the content of our website, and ensure the security of our IT system.
The data will be deleted when they are no longer needed for the purpose they were collected. For data collected to provide access to the website, this will be at the end of every session.
For log files, this will occur after 28 days at the latest. Some data may be preserved for a longer period of time, in which case user IP addresses are deleted or anonymized, rendering it impossible to link the data to any individual.
2. Newsletter
On our website, you can subscribe to the free University of Hamburg newsletter.
When you register, you will be asked to give your consent to our processing of your data and referred to our Privacy Statement. The process of registering for the newsletter will transmit the information you have entered into the online data entry form.
In addition, the University of Hamburg uses a double opt-in procedure for delivery of the newsletter. This means that an email will be sent to the email address you provided, in which you will be asked to confirm your registration for the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and then automatically deleted.
In addition, during registration and deregistration, we store the email address, name of the newsletter, the time, and the type of confirmation (web confirmation or email confirmation) to be able to prove registration and to identify possible misuse.
The processing of information following user registration for the newsletter is lawful subsequent to user consent pursuant to Article 6 paragraph 1 letter a GDPR.
The data provided to register for the newsletter will only be used to deliver the newsletter to you and will not be given to third parties. You may withdraw your consent at any time with future effect. You can withdraw consent by sending an email to the sender or by clicking on the respective link in the newsletter. Your data will then be immediately deleted from the system.
3. Registration
Users can register on the University of Hamburg webpages by providing personal data. All information requested in the online data entry form will be transmitted as part of the registration process.
You will be asked to grant your consent for the processing of this data as part of the registration process.
These data are processed subsequent to user consent pursuant to Article 6 paragraph 1 lit. a GDPR.
User registration is necessary to provide specific content and services on our website, including the creation and administration of user accounts, participation in surveys, the administration of applications for admission and placement tests, the organization of examinations, registering for courses, events, examinations, and the administrative tasks associated with them.
The data will be deleted when they are no longer needed for the purpose they were collected.
4. Mail forms
There are contact forms and other mail forms on the University of Hamburg webpages that can be used to communicate electronically. When registering, the data entered by you into the online data entry form will be transmitted. Your consent is required for the processing of this data, and you will be referred to our Privacy Statement and asked to grant your consent when you send the form.
Moreover, individuals will be informed about the purpose of the data processing for which they are granting consent.
Your consent is required for the processing of your personal data (Article 6 paragraph 1 letter a GDPR or Article 6 paragraph 2 letter a GDPR if special categories of personal data—e.g., health data—are specified in the email form). Consent is voluntary. The duration of storage of the data depends upon the processing purpose, which will be listed separately in the email form. You can revoke this consent at any time.
5. Email contact
You can contact the University of Hamburg via its website by using the email addresses provided. In this case, the personal data provided in the email will be stored. This information will not be passed on to third parties.
This processing is lawful pursuant to Article 6 paragraph 1 lit. e GDPR in conjunction with Section 4 Hamburg data protection and privacy act (Hamburgisches Datenschutzgesetz, HmbDSG), where the processing of the personal data provided by you to process your inquiry is required to discharge our duties. Communication of additional information by you is voluntary, based on your consent pursuant to Article 6 paragraph 1 lit. a GDPR.
These data are only stored for the purposes of processing that communication and for the purposes stated in that communication.
6. Comment function
Some areas of our website provide a comment function. If you leave a comment, it will be published with your user name in that particular document. We recommend you use a pseudonym instead of your actual name. To use the comment function, you must enter the user name you have chosen and your email address. All other information is voluntary. If you leave a comment, we will save it to the file with the information listed above, and the date and time the comment was made. Your IP address will always be saved when you open the website, see Section A. 1.
Your email address will be saved for the purpose of contacting you if a third party reports your comment as being unlawful. Your IP address is saved for the purpose of protecting you against third-party claims in the event of the publication of unlawful content.
We reserve the right to delete comments that we, or third parties, hold as being unrelated to the website, or which are unlawful.
Your email address will remain stored as long as your comment is visible.
This processing is lawful in accordance with Article 6 paragraph 1 letter a GDPR, i.e., you have granted your consent.
We also offer a service which informs you via email when your comment is published, or rejected, or if another user has left a comment on your contribution. To use this service, you must click on the relevant check box when you submit your comment.
This processing is lawful in accordance with Article 6 paragraph 1 letter a GDPR, i.e., you have granted your consent.
B. Web analysis
1. Matomo
University of Hamburg uses the cookieless version of the open-source software Matomo on its website for the analysis and statistical evaluation of its use.
Visits to our website are collected anonymously and evaluated without the use of tracking cookies. Matomo does however require that the IP address assigned to your end device be communicated to Matomo. The IP address is anonymized immediately on collection and before the data are stored. Matomo does not undertake any further processing of personal data.
This processing is lawful on the basis of Article 6 subsections 1 e and 3 GDPR in conjunction with Section 4 of the Hamburg data protection act (Hamburgisches Datenschutzgesetz, HmbDSG) in conjunction with Section 6 subsection 2 no. 1 Hamburg higher education act (Hamburgisches Hochschulgesetz, HmbHG).
2. etracker
etracker is deactivated on this site
C. Cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
There are different types of cookies. On the one hand, a distinction is made between first-party cookies and third-party cookies. While first-party cookies are set by the website you are currently visiting and only this website can read information from the cookies, third-party cookies are set by third parties who are not operators of this website. The University of Hamburg does not use third-party cookies.
In addition, a distinction is made between session cookies and persistent cookies. Session cookies contain information that is only stored temporarily and is automatically deleted when you leave the website. Persistent cookies (also permanent cookies) are automatically deleted after the specified storage period, which may vary depending on the type of cookie. However, you can delete these cookies at any time via your browser settings.
The purpose of using necessary (also technically necessary) cookies is to simplify the use of websites for users.
The legal basis for the storage of cookies or for the storage of information in the end user's terminal equipment and access to this information already stored in the terminal equipment results from the Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG). In addition, the legal basis for the further processing of personal data collected in this context arises from the General Data Protection Regulation.
Cookies are stored on the user's computer and transmitted to us by the user. Therefore, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by making a change in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Required cookies (Essential category)
Necessary cookies are set to make a website usable by enabling basic functions so that a website can function properly. The legal basis for storing information on the terminal device (by means of a cookie) and accessing the information is Section 25 Subsection 2 Telecommunications Digital Services Data Protection Act (TDDDG). If personal data is processed at the same time as or subsequently with the storage of or access to the information, the legal basis is Article 6 subsections 1 e and 3 GDPR in conjunction with Section 4 of the Hamburg data protection act (Hamburgisches Datenschutzgesetz, HmbDSG) in conjunction with Section 3 and 4 Hamburg higher education act (Hamburgisches Hochschulgesetz, HmbHG).
Name | Provider | Purpose | Expiration | Type |
---|---|---|---|---|
fionaapp_session | UHH | Protection against cross-site scripting (protection against software attacks) | Session | HTTP Cookie |
_shibsession_* | UHH | Store Shibboleth login to a website (authentication of user ID) Session HTTP Cookie | Session | HTTP Cookie |
D. Data transfer to third parties
1. Social media
Information on the data protection of our social media channels can be found in the Privacy policy for our social media pages.
YouTube
We use the services provided by YouTube to embed videos into our website. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland, EU (Google).
Clicking on “Play video” embeds an iframe with the provider’s content into the page. No service content is integrated, nor are any data transferred before the User clicks.
When you activate the content, the operator of the social media platform receives information that the relevant page has been accessed, for which personal data are transmitted to the platform operator.
Use of YouTube allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a YouTube (Google) server in the USA. Google is certified under the EU-U.S. Data Privacy Framework.
Further information on the processing of data and the YouTube (Google) privacy statement are available at https://policies.google.com/privacy?hl=en&gl=en.
Vimeo
We use the Vimeo plugin for the Vimeo video portal operated by Vimeo LLC.,555 West Street, New York, New York 10011, USA to integrate video material that we have published on Vimeo.
When you access a page on our website featuring an embedded Vimeo video, this will connect to the Vimeo servers, which notify your browser to display the plugin. Information regarding which of our page(s) you have visited will be transmitted to the Vimeo server. If you are logged into your Vimeo account, Vimeo will be able to store this information in your User Account. If you activate a plugin on our website, for example, by clicking the start button for a video or leaving a comment, this information will be stored in your Vimeo account. You can prevent this by logging out of your Vimeo account.
Use of Vimeo allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a Vimeo server in the USA. Vimeo is certified under the EU-U.S. Data Privacy Framework.
If you do not wish to allow the use of cookies, you can block cookies, or delete them (see Point A.2) using the settings in your browser or by using an appropriate browser Add-On.
Further information on the processing of data and the Vimeo privacy statement are available at https://vimeo.com/privacy.
2. Online tools
Google Maps
We use the Google Maps API, an interactive map and navigation service provided by Google LLC (“Google”). Google Maps is operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of Google Maps allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a Google server in the USA. Google may provide the information gained from Maps to third parties, in so far as this is permitted by law or where those third parties process said data as agents of Google.
You may deactivate the Google Maps service, thus preventing the transmission of data to Google, by deactivating JavaScript in your browser. Please note, however, that this will prevent your use of the maps on our website.
The Google privacy policy and additional terms of use for Google Maps are available at https://policies.google.com/privacy?hl=en&gl=en
Google Custom Search
The central search function for our website is provided by the Google Custom Search Engine (GCSE). This search function allows for full text searching through the online material of our website. This search function is accessed by a search box, embedded in the header bar of each individual webpage.
The search box on these webpages (“Search Box”) is provided by Google LLC. and integrated into our webpages without alteration as a software module. By entering a search term into the search box and clicking search, the User activates the search function. This in turn calls up a Search Results page, loaded by a Google provided plugin, which displays the relevant search results. The plugin enables search results to be automatically conveyed from the Google search service to the search results page. Use of the search function provided by Google constitutes a dynamic transmission of data from Google, the service provider, to the search results page. Data will only be transmitted to Google after a User has activated a search box, started a full-text search, and activated the search results page. Use of the search function within the search results page will simultaneously also transfer user data to Google. The full text search and the activation of the search results page this produces will transmit the search term you entered, and the IP address of the computer you are using to Google. If you are also logged into Google at that time, the Google service is able to link this information to your user profile. To prevent profile data accumulating, you should log out of your Google account.
Further information about how Google handles your user information is available at https://policies.google.com/privacy?hl=en&gl=en.
This processing of data is lawful pursuant to Article 6 paragraph 1 lit. f GDPR, and is in the legitimate interest of providing the most convenient use of our website.
3. Publication metrics
We use external service providers to integrate publication metrics into our website. Publication metrics are used by the relevant services to record citation rates and mentions in social media posts for scientific publications. Such metrics are integrated and displayed on our website using the service providers' badge. If you activate these badges, the metrics for the corresponding publication are retrieved via a distinct and permanent digital identifier for the individual publication. Your IP address is transmitted to the relevant service provider for technical reasons. However, your IP address is transmitted via the so-called two-click solution. This means that when you click on a badge, a pop-up is first displayed, and your IP address is transmitted only when you then click on the visible “Activate” button. The transmission takes place via the https request of your browser to the service provider’s external server. If your IP address is not transmitted, the external server cannot respond, and—as a result—the publication metrics cannot be displayed in your browser. You can deactivate activated badges at any time by clicking on the “Deactivate” button and thus stop the transmission of your IP address. The metrics of individual publications can also be retrieved directly on the website of the respective service provider without having to use the badges on our website.
In this respect, the legal basis for the processing of your personal data is your express consent in accordance with Article 6 paragraph 1 letter a GDPR in conjunction with Article 49 paragraph 1 letter a GDPR.
PlumX
We use the services of PlumX, among others, to integrate publication metrics into our website. PlumX is operated by Plum Analytics Elsevier, 1600 John F Kennedy Blvd #1800, Philadelphia, PA 19103.
As described above, graphics with the provider’s content will be embedded in our website if you click on “Activate.” No provider content is integrated, nor are any data transferred before you click on “Activate.”
When you activate the content, the provider of the badges receives information that the relevant page has been accessed and your personal data (IP address).
Use of PlumX publication metrics allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a PlumX server in the United States. The PlumX operating company is part of the RELX Group (www.relx.com), which is certified for under the EU-US Data Privacy Framework for non-HR data. This certification also covers the company operating PlumX.
Further information on the processing of data and the provider’s privacy statement are available at www.elsevier.com/legal/privacy-policy.
Altmetric
We continue to use publication-metrics services from Altmetric, operated through Digital Science & Research Solutions Ltd, 4 Crinan Street, London N1 9XW, United Kingdom.
As described above, graphics with the provider’s content will also be embedded in our website if you click on “Activate.” No provider content is integrated, nor are any data transferred before you click on “Activate.”
When you activate the content, the provider of the badges receives information that the relevant page has been accessed and your personal data (IP address).
Use of Altmetric publication metrics allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, Altmetric servers in the United Kingdom and also in the United States. However, the subsidiary company of Digital Science & Research Solutions Ltd—Digital Science & Research Solutions Inc., which is based in the United States—is certified under the EU-US Data Privacy Framework for non-HR data. The EU Commission has also issued an adequacy decision for the United Kingdom.
Further information on the processing of data and the provider’s privacy statement are available at www.altmetric.com/privacy-policy.
E. Your rights
You have the following rights:
- the right to information regarding personal data pertaining to you that is stored by us (Article 15 GDPR)
- the right to correction of any incorrect or incomplete personal information (Article 16 GDPR)
- the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Article 17 GDPR)
- the right to limited processing of personal data (Article 18 GDPR)
- the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21, GDPR);
- the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR)—this means that the data processing related to that consent will no longer be carried out;
- the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR)
F. Withdrawal of consent / objection to processing
The relevant declaration of consent indicates who you must contact to withdraw your consent.
G. Rights as a data subject
You may exercise your rights as a data subject, such as obtaining information on data being stored, by contacting datenschutz"AT"uni-hamburg.de