Privacy

Privacy policy

 

This privacy policy (last updated: May 2018) applies to the central portion of the Ruhr-Universität Bochum (RUB) websites (http://www.ruhr-uni-bochum.de/http://www.rub.de/.) On decentralised pages (likewise www.ruhr-uni-bochum.de or www.rub.de), other data protection policies may apply in some cases; they are specified accordingly.

In the event of differences between the German and English versions, the German wording shall prevail.

NAME AND ADDRESS OF THE DATA CONTROLLER

The data controller in accordance with the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is as follows:

Ruhr-Universität Bochum
The Rector
Universitätsstraße 150
44801 Bochum
Germany

Phone: +49 234 32 201
Fax: +49 234 32 14201

Email: webmaster@ruhr-uni-bochum.de
Website: www.ruhr-uni-bochum.de

 

NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

Ruhr-Universität Bochum
Dr. Kai-Uwe Loser
Data Protection Officer
Universitätsstraße 150
44780 Bochum

Phone: +49 234 32 28720

Email: dsb@rub.de

Website: dsb.ruhr-uni-bochum.de

 

 

GENERAL INFORMATION ON DATA PROCESSING

1. Scope of the processing of personal data

As a rule, we collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The regular collection and use of our users’ personal data is only carried out with the user’s consent. An exception applies in those cases in which it is not possible to obtain prior consent for objective reasons and data processing is permitted by legal regulations.

2. Legal basis for the processing of personal data

In cases where we obtain the consent of the data subject for processing operations involving personal data, art. 6 para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In cases where the processing of personal data is necessary in order to perform our duties which are in the public interest or in the exercise of official authority, art. 6 para. 1 (e) of the GDPR serves as the legal basis.

 

3. Data deletion and storage period

The personal data of the data subject will be deleted or made inaccessible as soon as the purpose of the storage no longer applies. Data may also be stored if such storage has been provided for by the European or national legislator in EU regulations, laws or other provisions governing the data controller. The data will also be made inaccessible or deleted if the storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

 

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and scope of data processing

Each time our website is accessed and each time a file is retrieved from the RUB website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the type of browser and the version used

  • The user’s operating system

  • The user’s internet service provider

  • The user’s IP address

  • Date and time of access

  • Websites from which the user’s system accesses our website

  • Websites that are accessed by the user’s system via our website

This data is likewise stored in the log files of our system. This data is not stored together with other personal data of the user.

 

2. Purpose of data processing and legal basis

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files in order to ensure the functionality of the website. Moreover, we use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

The legal basis for the temporary storage of the data and the log files is art. 6 para. 1 (e) of the GDPR.

 

3. Period of storage

The data is deleted as soon as it is no longer required for the purposes for which it was collected. Where data is collected for the purpose of providing the website, this is the case when the relevant session has ended.

Where data is stored in log files, this is the case after 24 hours at the latest. Storage beyond this period is possible. In such cases, the IP addresses of the users are deleted or alienated so that it is no longer possible to identify the client accessing the website.

 

4. Objection and erasure options

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

 

COOKIE USAGE

1. Description and scope of data processing

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user-friendly, more functional and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to block cookies in specific cases or in general, and to automatically delete cookies when you close the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored in accordance with art. 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in storing cookies in order to provide its services without technical errors and in an optimised manner. Any other cookies (e.g. cookies to analyse your surfing behaviour) that are stored are addressed separately in this privacy policy.

Cookie settings: Renew or change your cookie consent

 

ANALYSIS TOOL MATOMO (FORMERLY PIWIK)

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage. Matomo enables us to collect and analyse data on the use of our website by website visitors. This allows us to find out, for example, which page views occurred when and from which region. We also collect various log files (e.g. IP address, referrers, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is in accordance with art. 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertisements. Provided that consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively in accordance with art. 6 para. 1 (a) of the GDPR; consent can be revoked at any time.

CONTACT FORM AND E-MAIL CONTACT

1. Description and scope of data processing

Our website provides a contact form that can be used to contact us by e-mail. If a user uses this option, the data entered in the input mask is transmitted to us and stored.

The following data is also stored at the time the message is sent:

  • The user’s IP address

  • Date and time

In order for the data to be processed, your consent is obtained during the sending process by referring to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

The data transmitted in this context will not be passed on to any third parties. The data is used exclusively for processing the conversation in question.

 

2. Purpose of data processing and legal basis

We process the personal data from the input mask solely for the purpose of processing the initial contact. If the contact is made by e-mail, this constitutes the legitimate interest required for the processing of the data.

Any other personal data processed during the transfer process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Where the user has given their consent, the legal basis for the processing of the data is art. 6 para. 1 (a) of the GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is art. 6 para. 1 (e) of the GDPR.

 

3. Period of storage

The data is deleted as soon as it is no longer required for the purposes for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively resolved.

Any additional personal data collected during the transmission process will be deleted after a period of seven days at the latest.

 

4. Objection and erasure options

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of the correspondence will be deleted in this case.

 

RIGHTS OF THE DATA SUBJECT

If your personal data is processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:

Right of access

You may request confirmation from the controller as to whether personal data relating to your person is being processed by us.
If this is the case, you can request information from the controller about data that has in fact been processed and more, as follows:

  • the purposes for which your personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data relating to your person have been or will be disclosed;
  • the intended duration of the storage of the personal data relating to your person or, if specific information on this is not available, the criteria for determining the storage period;
  • the right to obtain the rectification or erasure of personal data concerning your person, the right to obtain the restriction of processing by the controller or the right to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • any available information about the origin of the data in cases where the personal data is not collected from the data subject.

You have the right to request information on whether the personal data relating to your person are transferred to a third country or to an international organisation. In this context, you may request to be informed about the applicable safeguards pursuant to art. 46 of the GDPR in connection with the transfer.

 

Right to rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data concerning your person that has been processed is inaccurate or incomplete. The controller must carry out the rectification without delay.

 

Right to restrict processing

You may request that the processing of personal data concerning your person be restricted under the following conditions:

  • if you contest the accuracy of the personal data concerning your person for the time necessary to enable the controller to verify the accuracy of your personal data;
  • the processing is unlawful and you object to the erasure of your personal data and request instead the restriction of the use of your personal data;
  • the controller no longer needs your personal data for the purposes of the processing but you need them in order to assert, exercise or defend legal claims; or
  • if you have objected to the processing pursuant to art. 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data concerning your person has been restricted, such data may be processed, with the exception of storage, only with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or on grounds of an important public interest of the European Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

 

Right to erasure (“right to be forgotten”)

Obligation to erase:

You may request the controller to erase the personal data concerning your person without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

  • The personal data concerning your person are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent which constituted the basis for the processing pursuant to art. 6 para. 1 a or art. 9 para. 2 (a) of the GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to art. 21 para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to art. 21 para. 2 of the GDPR.
  • The personal data concerning your person have been processed unlawfully.
  • The erasure of the personal data concerning your person is necessary for compliance with a legal obligation under European Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning your person has been collected with regard to information society services provided in accordance with art. 8 para. 1 of the GDPR.

 

Information to third parties:

Where the controller has made public the personal data concerning your person and is obliged to erase it pursuant to art. 17 para. 1 of the GDPR, they shall take reasonable steps, including technical measures, with due regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested them to erase in their entirety, including all links to, as well as copies or replications of such personal data.

 

Exceptions:

The right to erasure does not exist where the processing is necessary

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under European Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • on grounds of public interest pertaining to public health in accordance with art. 9 para. 2 (h) and (i) as well as art. 9 para. 3 of the GDPR;
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 of the GDPR, provided that the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  • for the assertion, exercise or defence of legal claims.

 

Obligation to notify in the event of rectification or erasure

If you have asserted the right to rectification, erasure or restriction of processing towards the controller, the controller is obliged to notify all recipients to whom the personal data concerning your person have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You are entitled to be informed of these recipients by the controller.

 

Right to data portability

You have the right to receive the personal data concerning your person that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  • the processing is based on consent pursuant to art. 6 para. 1 (a) of the GDPR or art. 9 para. 2 (a) of the GDPR or on a contract pursuant to art. 6 para. 1 (b) of the GDPR and
  • the processing is carried out with the help of automated methods.

In exercising this right, you also have the right to have the personal data concerning your person transferred directly from one controller to another controller, provided that this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Right to object

For reasons arising from your personal situation, you have the right to object at any time to the processing of personal data concerning your person on the basis of art. 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning your person unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning your person is processed for the purposes of direct marketing, you have the right to object at any time to the processing of such personal data for the purposes of such marketing; this also applies to profiling where it is related to such direct marketing.

Should you object to the processing for the purposes of direct marketing, the personal data concerning your person will no longer be processed for these purposes.

In the context of using information society services, notwithstanding Directive 2002/58/EC, you are entitled to exercise your right to object by means of automated procedures that use technical specifications.

 

Right to revoke your consent in accordance with data protection law

You have the right to revoke your consent in accordance with data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out as a result of the consent up to the point of revocation.

 

Automated decision in individual cases including profiling

Does not occur.

 

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, specifically in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning your person infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with art. 78 of the GDPR.

The supervisory authority competent for RUB is the State Commissioner for Data Protection and Freedom of Information (NRW)