Data Protection Declaration for the websites of Humboldt-Universität zu Berlin

We are pleased with your interest in our web presence. The protection of your personal data is very important for us. The use of our websites is generally possible without specification of any personal data. If you make use of special services of our websites, it might, however, become necessary to process personal data. If this is necessary and if there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, e.g. name, address, email address or telephone number of a data subject, always complies with the General Data Protection Regulation (EU GDPR) and with the Berlin Data Protection Act (BlnDSG) applicable to Humboldt-Universität. By means of the following data protection declaration, we would like to inform you about type, scope and purpose of the personal data collected by us. With this data protection declaration, we will apart from that inform you about the rights you have.

The Data Protection Declaration of Humboldt-Universität zu Berlin is based on the terms that have been used by the European body issuing directives and regulations when passing the General Data Protection Regulation. The terms used are explained at the end of this document in a glossary.
 

1. Name and address of the data controller


The controller within the meaning of the General Data Protection Regulation is:

Humboldt-Universität zu Berlin
The President
Prof. Dr.-Ing. Dr. Sabine Kunst
Unter den Linden 6
10099 Berlin

Phone: +49 (30) 2093-2100
Email: praesidentin@hu-berlin.de
Website: www.hu-berlin.de/de/einrichtungen-organisation/leitung
 

2. Name and Address of the Data Protection Officer


The data protection officer of Humboldt-Universität zu Berlin is:

Ms. Gesine Hoffmann-Holland
Phone: +49 (30) 2093-2591
Email: datenschutz@uv.hu-berlin.de
Website: www.hu-berlin.de/de/datenschutz

 

3. Data Protection and Processing Purposes

Every time the website is called by a data subject or an automated system, the website of Humboldt-Universität zu Berlin gathers a series of general data and information. These general data and information are stored in the log files of the servers. The following is recorded: the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are controlled via an accessing system on our website, (5) the date and the time of an access to the website, (6) the Internet Protocol Address (IP address) shortened by the last digit for the purposes of anonymization and (7) other similar data and information which serve the hazard prevention in case of attacks on our information technology systems.

When using this general data and information Humboldt-Universität zu Berlin does not draw any conclusions on the data subject. This information is rather necessary in order to (1) deliver the contents of our website correctly, (2) to optimize the contents of our website, (3) to guarantee the permanent functionality of our IT systems and the technology of our website and (4) to provide the information necessary for prosecution to prosecution authorities in case of a cyber attack. These anonymously collected data and information are thus on the one hand analyzed by Humboldt-Universität zu Berlin statistically and moreover with the goal to increase the data protection and the data security in our institutions in order to finally ensure a perfect level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from any and all personal data specified by a data subject.

If a data subject contacts the data controller by email or using a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data voluntarily transmitted by a data subject will be stored for the purposes of processing them or for contacting the data subject. These personal data are not transmitted to third parties.
 

4. Erasing personal data and making them unavailable

Personal data collected by us will generally only be processed and stored as long as this is necessary to achieve the purpose of the storage and/or as long as this is required by laws or regulations. The log data specified under 3. will be erased after one week.
 

5. Rights of the data subject (withdrawal, access, rectification, erasure)

Every person affected by the processing of personal data is - according to the legal regulations - entitled to request from the data controller free access to or confirmation regarding the personal data stored about them. Apart from that, there is a right to the immediate rectification of incorrect personal data referring to them or erasure or to restriction of the processing or a right to object to the processing.

Any consent under the data protection law to the processing of personal data can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

There is the right to receive the personal data which have been provided by the data subject in a structured, commonly used and machine-readable format and to transmit those data to another controller.

Apart from that and irrespective of any other administrative or legal appeal, a complaint can be lodged with a supervisory authority of the Member States if there are doubts regarding the lawfulness of the processing of the personal data about them.

 

6. Cookies

The websites of Humboldt-Universität zu Berlin use cookies. Cookies are text files which are archived and stored on a computer system by a web browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique cookie code. It consists of a character string by means of which websites and servers can be assigned to the concrete web browser in which the cookie has been stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other web browsers containing other cookies. A certain web browser can be recognized and identified by means of the unique cookie ID.

By using cookies, Humboldt-Universität zu Berlin is able to provide you with user-friendly services, which would not be possible without setting cookies. It is, for example, not necessary to make your preferred language setting every time you call our website. The life cycle of our cookies is limited to the relevant session, i.e. when you close the browser completely, these cookies are deleted.

You can prevent the setting of cookies by our website at any time by means of corresponding setting of the web browser used and in this way permanently object to the setting of cookies. Apart from that, cookies already set can be deleted at any time via a web browser or other software programs. This is possible in all common web browsers.
 

7. Data protection regulations regarding the application and use of social media

Links to social media platforms such as Facebook, Twitter, Instagram and the like have been integrated into the HU websites. On the central HU websites, this is, however, no integration of data such as the “Like” button but only of links to the relevant external image of our institution on the corresponding platform. There is no storage of data relevant under data protection.
There are web presences of HU institutions deviating from this pattern.
 

8. Data protection regulations regarding the application and use of web analysis tools

The “Matomo” web analysis component was integrated into some HU websites. Web analysis is the acquisition, collection and analysis of data regarding the behavior of website visitors. Amongst others, a web analysis tool acquires data regarding the website from which a data subject came to a website (so-called referrer), which subsites of the websites were accessed or how often and for which duration a subsite was watched. Web analyses are mainly used to optimize a website.

The “Matomo” software is operated on a server of the HU Computer and Media Service, the log files relevant under data protection law are only stored on this server. We only use the data on the use of our website in an anonymized form.

Matomo uses cookies allowing for an analysis of the use of the website. For this purpose, the usage information (including your shortened IP address) generated by the cookie will be transmitted to our server and stored for the purposes of usage analysis. During this process, your IP address is immediately anonymized so that you, as user, remain anonymous for us. The information on your use of this website generated by the cookie will not be transmitted to third parties. You can prevent the use of the cookies by a corresponding browser setting.

If you do not agree to the storage and analysis of these data from your visit, you can object to the storage and use in the following, by means of a mouse click. In this case, a so-called opt-out cookie is archived in your browser; consequently, Matomo will not acquire any session data. Attention: If you delete your cookies, the opt-out cookie will also be deleted and it may be necessary for you to re-activate it.

More information and the applicable data protection regulations of Matomo can be called at http://matomo.org/docs/privacy/.
 

9. Data protection regulations regarding the application and use of “Mindbreeze”

The “Mindbreeze” component was integrated into some HU websites. Mindbreeze is a fee-based software for the full text search on our web servers. The Search Appliance is installed on a server in the computer and media service, the log files relevant under data protection law are only stored on this server. Mindbreeze uses cookies serving the analyzation of the frequency of use and the usage behavior of website users.
 

10. Legal basis of the processing

For our institution, art. 6 I letter a GDPR serves as legal basis for processing operations for which we obtain a consent for a certain processing purpose. If the processing of personal data is necessary, as this is for example the case in processing operations required for the dispatch of university publications, the processing is based on art. 6 I letter b GDPR. If our institution is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on art. 6 letter c GDPR. In rare cases, the processing of personal data could become necessary in order to protect vital interests of the data subject or any other natural person.
 

11. Glossary

The Data Protection Declaration of Humboldt-Universität zu Berlin is based on the terms that have been used by the European body issuing directives and regulations when passing the General Data Protection Regulation. Our Data Protection Declaration is intended to be easily readable and understandable. In oder to guarantee this, we would like to explain the terms used at this point.

In this Data Protection Declaration we have, amongst others, used the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is every identified or identifiable natural person the personal data of which are processed by the data controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorized to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.