Privacy policy

 1. Name and address of the responsible controller

The responsible controller as defined in the EU General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection-related provisions is:

Universität Münster / University of Münster
represented by its Rector, Prof Dr Johannes Wessels,
Schlossplatz 2, 48149 Münster, Germany
Tel.: + 49 251 83-0
Email: verwaltung AT uni-muenster DOT de

 2. Name and address of the data protection officer

The data protection officer appointed by the responsible controller is:

Nina Meyer-Pachur
Schlossplatz 2, 48149 Münster, Germany
Tel.: + 49 251 83-22446
Email: datenschutz AT uni-muenster DOT de

3. General information on data processing

We collect and use the personal data of our users insofar as necessary for operating a functional website and delivering our content and services, and to the extent to which the law permits.

Legal basis for processing personal data

Whenever we obtain the consent from a data subject to process personal data, Art. 6 (1 a) GDPR serves as the legal basis for processing this personal data.

Whenever processing such data is necessary for compliance with a legal regulation, to which the University of Münster is subject, Art. 6 (1 c) GDPR serves as the legal basis.

In cases for which processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6 (1 d) GDPR serves as the legal basis.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Münster, Art. 6 (1 e) GDPR serves as the legal basis for processing this data.

If processing is necessary for safeguarding the legitimate interests of the University of Münster or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1 f) GDPR serves as the legal basis for processing this data. This does not apply to processing tasks which the University of Münster is obliged to perform as a public authority.

Duration of storage of personal data

We reserve the right to retain the data subject’s personal data for as long as the purpose of such storage exists. If processing is permitted on the basis of the subject’s consent, his/her personal data is only stored until the data subject withdraws his/her consent, except in cases where processing is governed by a different legal basis.

Right to rectification and erasure of personal data

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The data subject also has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay as soon as the purpose of storage is no longer necessary. In cases where data processing is performed on the basis of consent, the right to erasure exists if the data subject withdraws his/her consent and no other legal grounds exist for processing the data.

Personal data must be erased if the data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or if the personal data has been unlawfully processed, or if the personal data must be erased in order to comply with a legal requirement mandated by an EU or member state law, to which the University of Münster is subject.

The right to erasure as put forth in the cases stated above does not apply, however, if it would prevent compliance with a legal obligation which requires processing by European Union or member state law, to which the University of Münster is subject, or hinder the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Münster, or if extended storage is necessary for the establishment, exercise or defence of legal claims.

Right to withdrawal

If permission to process personal data was granted by the consent of the data subject, he or she may withdraw his/her consent at any time. All processing of personal data performed prior to withdrawal remains lawful irrespective of the subject’s withdrawal.

Right to information

The data subject has the right to obtain confirmation from the University of Münster whether it is processing any personal data concerning him or her. If such is the case, the data subject has a right to information regarding the type of personal data and the purpose for which it is being processed. The data subject also has the right to obtain information on the duration of the planned storage of his/her data, or on the criteria for determining how long his/her data is to be stored.

SSL and /or TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

4. Provision of the website and creation of log files

Scope of data processing

For every access query to our website, our server automatically collects data and information from the querying computer system. 
The following data is collected in this process:

1. information on the browser type and version
2. the user’s operating system
3. the user’s Internet service provider
4. the user’s IP address
5. the date and time of the query
6. websites from which the user’s system was directed to our website
7. websites which the user’s system accesses via our website

This data is compiled in log files and saved on our server. No further personal data is stored together with the log file data.

Legal basis for processing

The legal basis for temporarily processing data and log files is provided in Art. 6 (1 f) GDPR.

Purpose of processing

The temporary storage of the IP address on our server is necessary for granting the user’s system access to our website. For this purpose, the user’s IP address must remain stored on our server for the duration of the session.

Data storage in log files is required to ensure the functionality of the website. Furthermore, the data enables us to optimise the website and guarantee the security of our IT systems. Data analysis for marketing-related purposes is not performed in this context.

These purposes correspond to the legitimate interests of data processing as indicated in Art. 6 (1 f) GDPR.

Duration of storage of personal data

The data is erased at the conclusion of the respective session.

All data stored in log files is erased within seven days. A longer period of data storage is possible. In such cases, the user’s IP address is erased or anonymised in such a way that renders it impossible to identify the querying client.

5. Use of cookies

Scope of data processing

Our website uses cookies. Cookies are small text files saved on or by the web browser, installed on the user’s computer system. Cookies are often saved on the user’s operating system whenever a user accesses a website. The file contains a distinctive sequence of characters which enables the website to correctly identify the user’s browser when the site is visited again.

We use cookies to improve the user friendliness of our website. Some elements on our website make it necessary to identify a querying browser after a page change.

Legal basis for processing

The legal basis for processing personal data using technically necessary cookies is provided in Art. 6 (1 f) GDPR. The legal basis for processing personal data using cookies for other purposes for which respective consent is granted by the user is provided in Art. 6 (1 a) GDPR.

Purpose of processing

The purpose of using technically necessary cookies is to make it easier for the client to use the website. Some functions on our website cannot be offered without cookies. Such functions require the browser to identify the user after a page change. These purposes correspond to the legitimate interests of processing personal data in accordance with Art. 6 (1 f) GDPR.

Cookies are required for the following applications:

1. single sign-on
2. assigning login sessions to specific servers (“sticky sessions”)

The user data collected with technically necessary cookies is not used for creating user profiles.

Duration of storage of personal data

Cookies are saved on the user’s computer which transfers them to our server. Consequently, as the user, you have complete control over how cookies are used by your system. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies to external websites. You can also delete all saved cookies on your system at any time. Restrictions on cookie usage can be managed automatically by your browser. If you choose to deactivate cookies for our website, it may prevent you from taking full advantage of all the features offered on this website.

6. Hosting

We are hosting the content of our website at the following provider:

All-Inkl

The Provider is the ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl”). For details, please visit the privacy policy of All-Inkl: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable representation of our website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

7. Analysis tools

WP Statistics

This website uses the WP Statistics analysis tool to evaluate visitor accesses statistically. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

WP Statistics can be used to analyze the use of our website. In doing so, WP Statistics records, among other things, log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that the website visitors have taken on the site (e.g. clicks and views).

The data collected with WP Statistics is stored exclusively on our own server.

The use of this analysis tool is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our websites and our advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

IP anonymization

We use WP Statistics with anonymized IP. Your IP address is shortened so that it can no longer be directly assigned to you.

 8. Plug-ins and Tools

 Wordfence 

We have included Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence is designed to protect our website from unwanted access or malicious cyberattacks. To accomplish this, our website establishes a permanent connection with Wordfence’s servers, which check and block their databases against access to our website.

The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of his website against cyberattacks. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.wordfence.com/help/general-data-protection-regulation/.

9. Email contact

Scope of data processing

On our website, users can personally contact the University via email by using the email address provided for such purposes. In this case, the email together with the user’s personal data is saved on our server.

The user’s personal data is not shared with third parties in this context. The data is exclusively used for purposes of establishing and maintaining contact with the user.

Legal basis for processing

The legal basis for processing the user’s personal data, acquired as a result of the user sending an email, is provided in accordance with Art. 6 (1 f) GDPR.

Purpose of processing

The user’s personal data is processed only for the purpose of establishing and maintaining contact with the user. This corresponds to the legitimate interests of processing personal data in accordance with Art. 6 (1 f) GDPR.

Duration of storage of personal data

All personal data sent to us via email is deleted as soon as the respective dialogue with the user is concluded. The dialogue is deemed concluded when circumstances indicate that the issue in question has been clarified to the satisfaction of all parties.

10. Use of social media plugins

Scope of data processing

Our website uses social media plugins of various providers. When you access a page from our website which contains such a plugin, your browser establishes a direct connection to the servers of the respective provider. The content of the plugin is directly transmitted to your browser which integrates it into the website.

Plugins enable the providers to know that you have accessed the respective page on our website. If you are logged in with the corresponding provider, the provider has the ability to assign this information to your account.

• Terms of service – Twitter
• Privacy policy – Twitter
• Terms of service – Youtube
• Privacy policy – Youtube/Google

Legal basis for processing

The legal basis for processing the user’s personal data is provided in Art. 6 (1 a) GDPR.