Main content

Top content

Privacy policy

§ 1 Information about data collection on our website

(1) The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data are all data by which you can be personally identified e.g. name, address, e-mail address, usage of the web.

(2) Responsible party (art. 4 section 7 GDPR) is the University of Osnabrueck

Responsible party (art. 4 section 7 GDPR) is the University of Osnabrueck 

Represented by the president Prof. Dr. Susanne Menzel-Riedl

Neuer Graben 29 / Schloss
49074 Osnabrueck
Phone: +49 541 969 0
onlineredaktion@uni-osnabrueck.de

Our data protection officer (DPO) Dipl.-Kfm. Björn Voitel is reachable using the following contact data: Nelson-Mandela-Straße 4, 49076 Osnabrueck, Phone: +49 541 969 7880, datenschutzbeauftragter@uni-osnabrueck.de

(3) If you get in contact with us via e-mail or using a contact form, your provided personal data (your e-mail-address and – if provided – your name and phone number) will be saved to answer your inquiries. The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

(4)If we rely on external data processors to provide our services, we will inform you in detail about these processes and the retention policies.

§ 2 Your rights with regard to your data

(1) You have the following rights with regard to your data:

Right of information about your data

You can request confirmation from the responsible party as to whether personal data relating to you is being processed by us.

If such processing is the case, you can request information from the responsible party about the following actually processed data and beyond:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to rectification or eradication of your personal data, a right to restrict processing by the responsible party or a right to object to this processing;
  6. the right to log a complaint with a competent supervisory authority;
  7. all available information on the origin of the data if the personal data are not collected from the data subject..

Right of rectification

You have a right of rectification and / or completion against the responsible party, provided that the processed personal data concerning you is incorrect or incomplete. The responsible party must make the rectification immediately.

Right of eradication

You can request the responsible party to delete the personal data concerning you immediately, and the responsible party is obliged to delete this data immediately if one of the following reasons applies:

  1. The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed..
  2. You revoke your consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  3. You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.
  4. The personal data concerning you have been processed unlawfully..
  5. The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the responsible party is subject to.
  6. The personal data relating to you was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.

Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

Exceptions

The right of eradication does not exist if processing is necessary

  1. to exercise the right to freedom of speech and information;

  2. to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the responsible party is subject to, or to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the responsible party;

  3. for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;

  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
  5. for the establishment, exercise or defense of legal claims.

Right to restriction of processing

You can request the restriction of the processing of your personal data under the following conditions::

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the responsible party to check the accuracy of the personal data;

  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

  3. the responsible party no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or

  4. if you have objected to processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible party outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a Member State.

If the processing been restricted according to the requirements mentioned above, you will be informed by the responsible party before the restriction is lifted.

Right to object the processing

You have the right, for reasons that arise from your particular situation, at any time to object to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to object this processing; this also applies to profiling based on these provisions.

The responsible party will no longer process the personal data relating to you unless they can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

There is no right to data portability in the public sector. (Article 20, paragraph 2, p. 2 GDPR)

(2) In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

The responsible supervisory agency for the University of Osnabrueck is:
Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover, Phone: +49 511/120-4500, poststelle@lfd.niedersachsen.de

§ 3 Collection of personal data when you visit our website

(1) If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security.

  • IP adress
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Page content
  • HTTP status code
  • Trafficvolume (bytes)
  • Referrer
  • Browser
  • Operating System and screen size
  • Browser language and version.

(2)) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the place that sets the cookie (in this case by us). Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(3) Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (refer to b)

  • Persistent cookies (refer to c).

b) Transient cookies are necessary for the basic functions of a website. The transient cookies include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c)) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and e.g. reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website in that case.

e) We use cookies so that we can identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

(4) Data protection provisions on the application and use of social media
The website of the University of Osnabrück contains links to various social media platforms such as Youtube, Instagram, Twitter, Facebook and the like. a. integrated. However, this is not an integration of data such as the "Like" button, but links to the external presentation of the university on the relevant platform. The University of Osnabrück does not store any data relevant to data protection.

If external content from a provider, such as YouTube, Instagram, Twitter, Facebook, etc. is integrated into a university website (via iframe or in a similar way), reference is also made to the data protection guidelines of the respective service. The passage is for example:

"Facebook / Twitter uses cookies that can be used for advertising. The data protection guideline of Facebook / Twitter applies without restriction to the use."
However, this rule only applies if the service is embedded. In the case of a simple link to a university Facebook profile, the above passage does not have to be given.

You can find the data protection provisions of the social networks at the following URLs:

YouTube: https://policies.google.com/privacy
Instagram: https://instagram.com/about/legal/privacy/
Twitter: https://twitter.com/de/privacy
Facebook: https://de-de.facebook.com/privacy/explanation

(5) YouTube with extended data protection
This website includes videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland
We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube - regardless of whether you are watching a video - connects to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to this website. This information may be a. used to collect video statistics, improve usability and prevent fraud attempts. The cookies remain on your device until you delete them.

If necessary, after the start of a YouTube video, further data processing operations can be triggered over which we have no influence.

You can find more information about data protection at YouTube in their data protection declaration at: https://policies.google.com/privacy