Privacy Policy

Contact details of the entity responsible

Pursuant to the General Data Protection Regulation (GDPR), national data protection laws of the various member states, and other privacy regulations, the entity responsible for the online blog is:

Universität Hamburg
Mittelweg 177 – 20148 Hamburg – Germany
Tel.: +49 40 42838-0 – Fax: +49 40 42838-9586

University of Hamburg data protection officer contact details

Mittelweg 177
20148 Hamburg
datenschutz@uni-hamburg.de

Objective and basic information on the legal basis of data processing

This privacy policy clarifies the nature, scope, and purpose of the processing of personal data within our online web presence and the associated websites, functions, and content. The privacy policy applies regardless of the domains, systems, platforms, and devices used (e.g., desktop or mobile) used to access the online presence.

We process the personal data of our users only in compliance with the relevant data protection regulations in accordance with the principles of data minimization. As a rule, processing of personal data occurs only with user consent. An exception applies where the processing of data is permitted by law.

We take state-of-the-art organizational, contractual, and technical security measures to ensure compliance with the provisions of data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

If content, tools, or other means from third-party providers registered abroad (e.g., YouTube videos) are used as part of our online presence, it can be assumed that data will be transferred to the countries in which the third-party providers are based.

If you have consented to data processing, we process your personal data on the basis of Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR, insofar as special categories of data are processed in accordance with Article 9 paragraph 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49 paragraph 1 letter a GDPR. If you have consented to the storage of cookies or access to information in your end device, data processing is also carried out on the basis of Section 25(1) of the German law on data protection and privacy protection in telecommunications (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG). Consent can be revoked at any time. If your data is required to fulfill a contract or to carry out precontractual measures, we process your data on the basis of Article 6 paragraph 1 letter b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Article 6 paragraph 1 letter c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Article 6 paragraph 1 letter f GDPR. Information on the relevant legal bases for each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

We work with various external bodies as part of our operations. In some cases, it is also necessary to transfer personal data to these external bodies. We only transfer personal data to external bodies if this is necessary in the context of fulfilling a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in passing on the data in accordance with Article 6 paragraph 1 letter f GDPR, or when permitted on another legal basis.

When using external processors, we only pass on our customers’ personal data on the basis of a valid contract for order processing. Joint processing is only conducted under a joint processing agreement.

Storage period

Unless a more specific storage period has been specified in this privacy policy, your personal data will be stored until the purpose for data processing no longer applies. If you exercise your right to request deletion of your data or revoke your consent to data processing, your data will be deleted unless we are legally required to retain it (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

Definitions

For the purposes of this privacy policy, the term:

  1. “user” means all customers and visitors to our website, whereby the term is to be understood as gender neutral.
  2. “website or online offer” refers to the content and functions contained on and associated with our website.
  3. “third-party providers” means other, external providers; whose content, tools, or other means we use as part of our online offering; and whose registered office may be abroad. Examples include video platforms such as YouTube.

Data processing

1. Accessing this blog and creating log files

Data and information are collected every time this blog is accessed or used. These data and information are stored in log files on the server.

This includes:

  • IP address
  • browser type / browser version
  • date and time the blog was accessed
  • user Internet service provider
  • user operating system
  • referring website
  • websites accessed by the user’s system through our website

This data is not merged with other data sources.

This data is recorded on the basis of Article 6 paragraph 1 letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, the server log files must be recorded.

2. Cookies

Our website uses cookies. Cookies are small data files, created and stored by the Internet browser on the user’s computer’s hard drive. Accessing a website may result in a cookie being saved on your operating system. This cookie contains a specific string of characters that allows the browser to be clearly recognized every time the website is accessed. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

The purpose of these technical cookies is to simplify website use.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may restrict some of the functionality of this website.

The legal basis for the processing of personal data using cookies to provide certain functions you have requested, to optimize the website, or to measure the web audience (necessary cookies) is Article 6 paragraph 1 letter f GDPR. The website operator has a legitimate interest in the storage of necessary cookies to provide error-free technical function optimize its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Article 6 paragraph 1 letter a GDPR and Section 25 paragraph 1 TDDDG); the consent can be revoked at any time.

3. SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator.

You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Contact form and email contact

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Article 6 paragraph 1 letter b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of precontractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of requests addressed to us (Article 6 paragraph 1 letter f GDPR) or on your consent (Article 6 paragraph 1 letter a GDPR) if requested; you can withdraw your consent at any time.

We will retain the data you provide on the contact form until you request its deletion, you revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g., after fulfilling your request). Mandatory statutory provisions, particularly retention periods, remain unaffected.

6 . Consent with Borlabs Cookie

Our website uses Borlabs Cookie’s Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.

Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Web analytics tools

Matomo

This website uses the open source web analytics service Matomo in log analytics mode.

With this method, usage data is analyzed directly from the server logs. Matomo analyses are carried out on the basis of the data stored in the access log files of the web server. Access log files contain information about all requests sent to the server, which also includes information about the activities on the website or the end devices used. This information is transmitted to the web server when the website is accessed by the end device used. The web server does not access the device memory in this case.

No cookies are set in log analytics mode. The use of this analysis tool is based on Article 6 paragraph 1 letter f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

Hosting

We host Matomo exclusively on our own servers so that all analytical data remains with us and is not passed on.

Plug-ins and tools

Google Fonts (local hosting)

This site uses so-called Google Fonts, which is provided by Google, for the uniform display of fonts. Google Fonts is installed locally. There is no connection to the Google’s servers.

Find further information about Google Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://policies.google.com/privacy?hl=en.

H5P

We use the H5P plug-in to deliver teaching/learning content. The name and address of the provider is Joubel, Flow Coworking, Storgata 5, 9008 Tromsø, Norway.

All H5P files are hosted on our own servers. There is no connection to the provider’s servers.

H5P processes and stores anonymized reporting data from your interactions with H5P elements via an xAPI interface. This data is used to obtain feedback on the design of the interaction options.

The use of H5P is in the interest of an providing an appealing online presence and interactive teaching/learning content consistent with open education, open access, and open source approaches. This constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f GDPR.

Further information on H5P can be found at https://h5p.org/plugin-gdpr-compliance and https://h5p.org/privacy.

If you use interactive H5P content that contains a video hosted on YouTube, YouTube will set cookies on your computer. YouTube uses these cookies to help YouTube and its partners analyze incoming and outgoing traffic on their websites. For more information, refer to Google’s privacy policy (https://policies.google.com/privacy).

For the purpose of providing interactive H5P content based on YouTube videos, the use of YouTube constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f GDPR, as we would otherwise not be able to provide this interactive content.

If you use interactive H5P content that contains an X (formerly Twitter) feed, X sets a cookie on your computer. X uses these cookies to help X and its partners make advertising more relevant to you. Read the X privacy policy for more information (https://x.com/privacy).

For the purpose of providing interactive H5P content based on X feeds, the use of X constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f GDPR, as we would otherwise not be able to provide this interactive content.

If you use interactive H5P content that contains speech recognition, Google Cloud processes your voice for conversion to text. For more information, refer to Google’s privacy policy (https://policies.google.com/privacy).

For the purpose of providing interactive H5P content based on a speech recognition function, the use of Google Cloud constitutes a legitimate interest within the meaning of Article 6 paragraph 1 letter f GDPR, as we would otherwise not be able to provide this interactive content.

Rights of the data subject

You have the following rights:

  • the right to information regarding personal data pertaining to you that is stored by us (Article 15 GDPR);
  • the right to rectification of any incorrect or incomplete personal data (Article 16 GDPR);
  • the right to erasure of stored personal data insofar as the relevant data is not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation; for reasons of public interest; or the purpose of establishing, exercising, or defending a legal claim (Article 17 GDPR);
  • the right to restrict processing of personal data (Article 18 GDPR);
  • the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21 GDPR);
  • the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR)— As a consequence, we may no longer process any data based on this consent from the date consent is withdrawn.
  • You also have the right to lodge a complaint with a supervisory authority where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR).

Withdrawal of consent / objection to processing

Please send your withdrawal of consent to:

University of Hamburg – Faculty of Business, Economics and Social Sciences – Department of Social Science – Professor Vera Troeger

Von-Melle-Park 5 – 20146 Hamburg

Data subject rights

You may exercise your rights as a data subject, for example, you may obtain information on stored data by contacting datenschutz@uni-hamburg.de