Humboldt-Universität zu Berlin

Data Protection Statement

We appreciate your interest in our online presence. The protection of your personal data is very important to us. It is possible to use our websites without providing any personal data. When you make use of special services on our websites, however, it may be necessary for us to process your personal data. If this does prove necessary and there is no statuatory basis for this processing, we generally obtain your consent.

The processing of personal data, for example, of a person’s name, street address, email address or telephone number, is always performed in accordance with the EU General Data Protection Regulation (EU-GDPR) and in compliance with the Berlin Data Protection Act (BlnDSG). The following data protection statement is intended to inform you about the type, scope and purpose of the personal data we collect. Moreover this data protection statement also explains your rights.

The Data Protection Statement of Humboldt-Universität zu Berlin is based on the terms used by European legislators in issuing the General Data Protection Regulation. These terms are explained in a glossary at the end of this document.

 

1. Name and address of the data controller


The controller in the sense of the General Data Protection Regulation is:

Humboldt-Universität zu Berlin
The President
Prof. Dr. Julia von Blumenthal
Unter den Linden 6
10099 Berlin

Phone: +49 (30) 2093-2100
email: praesidentin@hu-berlin.de
Website: www.hu-berlin.de/en/institutions/leadership/institutionalLeadership?set_language=en
 

2. Name and address of the data protection officer


The Data Protection Officer of Humboldt-Universität zu Berlin is:

Gesine Hoffmann-Holland
Phone: +49 (30) 2093-20020
email: datenschutz@uv.hu-berlin.de
Website: www.hu-berlin.de/de/datenschutz

 

3. Data processing and processing purposes

For each visit to the website of Humboldt-Universität zu Berlin by a data subject or an automated system, the website collects a series of general data and information. These general data and information are stored on the log files of the server. The following are collected: (1) the type and version of the browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (HTTP referer), (4) the subsites that are accessed on our website via an accessing system, (5) the date and time of access to our website, (6) the Internet Protocol address (IP-address) with the final digits removed to make it anonymous and (7) other similar data and information that facilitate an emergency response in case of attacks on our information technology systems.

In using these general data and information, Humboldt-Universität zu Berlin makes no inferences about the data subject. This information is necessary in order (1) to correctly provide the contents of our website, (2) to optimize the contents of our website, (3) to ensure the continuous functionality of our IT system and the technology of our website and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the case of a cyber attack. These anonymously recorded data and information are evaluated by Humboldt-Universität zu Berlin statistically as well as with the goal of increasing data protection and data security at our institution in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

If a data subject contacts the data controller via email or contact form, the personal data of that data subject are automatically stored. These personal data, provided voluntarily by a data subject, are stored for the purpose of processing or of contacting the data subject. These personal data are not shared with a third party.

 

4. Erasing and blocking personal data

The personal data collected by us will be processed and saved only for as long as is necessary to achieve the storage purposes or as laws and regulations require. The log data mentioned in (3) will be erased after one week.

 

5. Rights of the data subject (withdrawal, access, rectification, erasure)

Every subject whose personal data is processed has, according to the law, the right to demand free of charge from the data controller access or confirmation regarding the personal data stored about them. Moreover there is a right to the rectification of inaccurate personal data without undue delay and a right to erasure; there is also a right to restriction of processing and a right to object to processing.

Consent to the processing of personal data can be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

There is a right to keep the personal data provided by the data subject in a structured, commonly used and machine-readable format, and to transmit it to another controller.

Furthermore without prejudice to any other administrative or judicial remedy, complaints can be submitted to a Member State supervisory authority if there are any doubts about the lawfulness of the processing of personal data.

 

6. Cookies

The websites of Humboldt-Universität zu Berlin use cookies. Cookies are text files that are set and stored on a computer system via a web browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie, consisting of a string of characters that websites and servers associate with the specific browser on which the cookie is stored. This allows the websites and servers to distinguish the individual browser of the data subject from other browsers that store different cookies. A specific browser can be recognized and identified by its unique cookie ID.

The use of cookies allows Humboldt-Universität zu Berlin to provide a more user-friendly service than would be possible without cookies. You do not, for example, have to select your preferred language every time you visit our site. The duration of our cookies is limited to a respective session. This means that when you close your browser completely, these cookies are deleted.

You can prevent our website from setting cookies at any time by selecting the appropriate configuration in your browser to always refuse cookies. Moreover previously set cookies can be deleted at any time through a browser or other software program. This is possible on all standard browsers.

 

7. Data protection provisions for the use and application of social media

Links to various social media platforms such as Facebook, Twitter, Instagram, etc. have been integrated into the HU websites. However, on the central HU websites there has not been an integration of data such as the ‘like’ button, but only of links to the respective external presentation of our institution on the corresponding platform. No data that are relevant to data protection are stored. There are web presences of HU facilities that deviate from this model.

 

8. Data protection provisions for the use and application of web analytics tools

The web analytics application ‘Matomo’ has been integrated into a number of HU websites. Web analytics is the measurement, collection and analysis of data about the behaviour of website visitors. Among other things, a web analytics tool collects data about which website a data subject used to reach a website (HTTP referer), the particular subpages of the website that have been accessed and how often and for what duration a specific subpage has been viewed. Web analytics are used primarily to optimize a website.

The ‘Matomo’ software runs on a server of the HU Computer and Media Service (CMS). The log data relevant for data protection are stored exclusively on this server. We use data about the usage of our website only in anonymised form.

Matomo uses cookies, which enable an analysis of the website. To this end the usage information obtained through the cookie (including your abbreviated IP address) is transmitted to our server and stored for the purposes of user analysis. In this process your IP address is immediately anonymised so that you remain anonymous to us as a user. The information obtained through the cookie about your usage of this website is not shared with third parties. You can prevent the use of cookies by selecting the appropriate browser configuration.

If you do not consent to the storage and evaluation of these data about your visit, you can subsequently object to storage and evaluation per mouse click. An opt-out cookie will be set in your browser and as a result Matomo will not collect any session data. Please note: When you delete your cookies, you also delete your opt-out cookie and must reactivate it if you want to opt out again.

Further information and the current data protection provisions of Matomo can be found at http://matomo.org/docs/privacy/.

 

9. Data protection provisions for the use and application of ‘Mindbreeze’

The application ‘Mindbreeze’ has been integrated into a number of HU websites. Mindbreeze is purchasable software for the full-text search of our webserver. The search appliance is installed on a server of the Computer and Media Service. The log data relevant for data protection are stored exclusively on this server. Mindbreeze uses cookies, which enable the analysis of the usage frequency and usage behaviour of our website visitors.

 

10. Newsletter

At various places on our Internet pages you will find the option of subscribing to a free newsletter, for example, the student newsletter (https://www.hu-berlin.de/de/service/hu_newsletter/newsletter_studierende). If you register for a newsletter, the email address you provide on the form will be submitted to our list server. The list server also stores the date of list registration. In order to process the data, your consent is obtained in this registration process through a double opt-in procedure. It is not enough to simply enter your email address into the web form. You become a subscriber to the list only when you have clicked the confirmation link in the invitation email that has automatically been sent by the list server. A newsletter will be sent to your address only after this has occurred. The delivery of newsletters is carried out with the assistance of the SYMPA list server installed on the CMS. Your email address is NOT shared with third parties.

You can end your subscription to the newsletter at any time by unsubscribing from the same webpage you used to subscribe. Your data will then be removed automatically from the list. Every newsletter sent to you contains a link to the unsubscribe form.

The employee newsletter is a second type of newsletter. This newsletter is sent to the email addresses of all employees in the central HU employee database (ZIS). The legal basis for this is a valid HU employment contract. According to this contract, university management has the right to send information to its employees. However, at the bottom of every newsletter there is a reference to the possibility of unsubscribing to the newsletter. Removal from the list occurs either by unsubscribing or by deletion from the ZIS.

 

11. The legal basis of processing

The processing of personal data is always performed in accordance with the EU General Data Protection Regulation (EU-GDPR) and in compliance with the Berlin Data Protection Act (BlnDSG). If the data processing is based on your consent, the processing is lawful pursuant to Art. 6 para. 1 lit. a GDPR (e.g. newsletter subscriptions).

Data processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract is lawful pursuant to Art. 6 para. 1 lit. b GDPR (e.g. event registration). If the data processing is necessary for compliance with a legal obligation to which the Humboldt-Universität zu Berlin is subject, the processing is lawful according to Art. 6 para. 1 lit. c GDPR (e.g. statutory storage obligations).

If the data processing is necessary in order to protect the vital interests of the data subject or of another natural person, the processing is lawful according to Art. 6 para. 1 lit. d GDPR. As far as the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Humboldt-Universität zu Berlin, the processing is lawful according to Art. 6 para. 1 lit. e GDPR (e.g. processing of examinations).

If the data processing is necessary for the purposes of the legitimate interests pursued by the Humboldt-Universität zu Berlin, the processing of data is lawful pursuant to Article 6 paragraph 1 lit. f GDPR, (e.g. the data processing as listed in 3.), unless interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, take precedence.

 

12. Glossary

The Data Protection Statement of Humboldt-Universität zu Berlin is based on the terms used by European legislators in issuing the General Data Protection Regulation. Our Data Protection Statement is intended to be easily readable and comprehensible. To this end we would like to explain the terms that have been used here.

We have used the following terms in our data protection statement:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the data controller.

c) ) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, selection, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting in the use personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or data controller

Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or other body, to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

j)Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorized to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

13. Privacy Policy for the Facebook page

The declaration as pdf is available for download.

 

14. Privacy Policy for Eye-Able

Eye-Able® is a software of Web Inclusion GmbH to ensure barrier-reduced access to information on the Internet for all people. The necessary files like JavaScript, stylesheets and images are loaded from an external server. Eye-Able uses the local storage of the browser to save the settings when functions are activated. All settings are only stored locally and are not transferred further.

To prevent attacks and to provide our service in near real time Eye-Able® uses the Content Delivery Network (CDN) of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). This is used for the purpose of fulfilling contracts with our customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). All transmitting data and servers remain in the EU at all times to enable data protection-compliant processing in accordance with DSGVO. Web Inclusion GmbH does not collect or analyze personal user behavior or other personal data at any time.

In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded contracts for commissioned processing with our hosters IONOS and BunnyWay.

You can find more information in
https://eye-able.com/datenschutz/
https://bunny.net/privacy