Privacy notice

Data protection information / data protection declaration

1. Responsible body under data protection laws:

University of Stuttgart
Keplerstraße 7
70174 Stuttgart
Germany
Telephone: +49 711 685-0
Email: poststelle@uni-stuttgart.de

2. Data protection officer:

University of Stuttgart
Data protection officer
Breitscheidstr. 2
70174 Stuttgart
Tel: +49 711 685-83687
Fax: +49 711 685-83688
Email: datenschutz@uni-stuttgart.de

3. Introductory notice

This information concerning data protection / this data protection declaration relates to the web servers of the University of Stuttgart (in particular www.uni-stuttgart.de), which is operated by the Technical Information and Communications Services of the Information and Communications Center of the University of Stuttgart with the web content management system OpenCms. There are also web servers which are operated by the Technical Information and Communications Services where the administration is the responsibility of various departments. These web servers, as well as those which are operated by institutes and faculties may handle personal data differently and have different data protection declarations accordingly.

4. Unless otherwise stated on the respective websites, personal data is gathered as follows:

+-

4.1.1 Description and categories of data

Should you access this or other websites, you transfer data to our web server via your browser. The following data is temporarily recorded in a log file whilst a connection is established:

  • IP address of the accessing computer
  • Date and time of the access
  • Name, URL and transferred data quantity of the accessed file
  • Access status (requested file transferred, not found etc.)
  • Browser type and operating system (if transferred by the requesting web browser)
  • Website from which the access took place (if transferred by the requesting web browser)

The processing of the data in this log file takes place as follows:

  • The log entries are continually automatically evaluated in order to recognize attacks against the web server and in order to be able to respond accordingly.
  • In individual cases, i.e. in case of reported disruptions, errors and security breaches, a manual analysis takes place.

In addition, when accessing websites, the date and time stamp, IP address + port (source), IP address + port (target) and the package size are recorded in the active network components of the University of Stuttgart.

4.1.2 Purpose

The temporary storage of the IP address by the system is necessary in order to deliver the website to the computer of the user. For this purpose, the IP address of the user must remain saved for the duration of the session.

Saving in a log file takes place in order to ensure the functional capability of the website. In addition, the data enables us to optimize the website and to ensure the security of our IT systems. IP addresses contained in the log entries are not combined with other data inventories, unless there are concrete indicators of a disruption to the correct operation.

The recording of active network components also enables us to ensure the security of the IT systems.

These purposes also represent our legitimate interest in the data processing in accordance with Article 6 Paragraph 1 Letter f) GDPR.

4.1.3 Legal basis

The legal basis for the temporary storage of the data and log files is Article 6 Paragraph 1 Letter f) GDPR.

4.1.4 Recipients

Should criminal investigations be initiated due to attacks against our IT systems, the data named under 4.1.1 and log files can be passed on to state investigative bodies (for example the police, criminal prosecution authorities).

The same applies if relevant authorities and/or courts make inquiries of the University and we are obliged to respond to these.

4.1.5 Storage duration

The data will be deleted once it is no longer necessary for the purpose for which it was gathered. In case of the recording of data for provision of the website, this is the case when the respective session has come to an end.

The storage of the data in log files is anonymized after seven days. This takes place by means of shortening the IP addresses.

4.1.6 Consequences of non-provision, right of objection and correction

The recording of data for provision of the website and the storage of data in log files is absolutely necessary in order to operate the website. Users who do not wish for their data to be processed as described can contact the University via alternative channels (by telephone, in written form, in person) in order to receive corresponding information or carry out actions.

4.2.1. Description and categories of data

Our website uses cookies. Cookies are text files which are saved in the Internet browser or by the web browser on the computer system of the user. Should a user access a website, a cookie can be saved in the operating system of the user. This cookie contains a character sequence, which enables a clear identification of the browser next time the website is accessed.

4.2.2. Purpose

Certain functions of our website cannot be provided without the use of cookies. For these, it is necessary for the browser to be recognized again after a change of page.

The user data which is gathered by the technically necessary cookies is not used in order to create user profiles.

These purposes also represent our legitimate interest in the processing of the personal data in accordance with Article 6 Paragraph 1 Letter f) GDPR.

4.2.3. Legal basis

The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 Letter f) GDPR.

4.2.4. Recipients

The only recipient of the information contained in the cookies is the entitled web server, i.e. the web server of the University which sets the cookie.

4.2.5. Storage duration

The duration of the saving of our cookies is as follows:

Session cookies are automatically deleted from your computer when you close your browser.

As the cookies are saved on your end device, you also have the option of deleting these earlier. You can find out more about this below.

4.2.6. Consequences of non-provision, right of objection and correction

Cookies are saved on the computer of the user and transferred from this to our site. Therefore, you as the user also have full control of the use of cookies, regardless of the saving periods listed above. By altering the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it may be the case that not all of the functions of the website can be used in full.

4.3.1. Description and categories of data

We use the open source software tool Matomo (previously PIWIK) on our website. The software sets two cookies per visit to the web on the computer of the users:

  • One cookie to recognize users. The saved content of the cookie does not enable the person of the user to be traced (example:  "36f024c36c193b2f.1525433399.1.1525433726.1525433399.")
  • A session cookie which merely has "*“ as its content.

Should individual pages of our website be accessed, the following data will be saved:

  • Two bytes of the IP address of the accessing system of the user (the software is set up in such a way that the IP addresses are not saved in full, rather 2 bytes of the IP address are masked, for example: 168.xxx.xxx In this way it is no longer possible to assign the shortened IP address to the accessing computer).
  • The accessing website
  • The website from which the user accessed the website (referrer)
  • The subpages which were accessed from the website which was visited
  • The duration of the stay on the website
  • The frequency of the accessing of the website

Thereby the software only runs on the servers of our website. User data is only saved there. The data is not passed on to any third parties.

Personal data is only processed temporarily for as long as the full IP address is processed for saving in the storage memory.

4.3.2. Purpose

The processing of the personal data of users enables us to analyze the surfing behavior of our users. By evaluating the gathered data, we are in the position of being able to compile information relating to the use of the individual components of our website. This helps us continually improve our website and its user friendliness. These purposes also represent our legitimate interest in the processing of the data in accordance with Article 6 Paragraph 1 Letter f) GDPR. By means of the anonymization of the IP address, the interest of the users in the protection of their personal data is sufficiently safeguarded.

4.3.3. Legal basis

The legal basis for the temporary processing of the personal data until the shortened IP address is saved is Article 6 Paragraph 1 Letter f) GDPR. 

4.3.4. Recipients

None.

4.3.5. Storage duration

The cookie which recognizes users once again is valid for 13 months. The content does not enable the person of the user to be traced.

The session cookie is valid for 30 minutes.

As the IP address is already saved in shortened form, it no longer allows any connection to be made to the person of the user.

 

4.3.6. Consequences of non-provision, right of objection and correction

Cookies are saved on the computer of the user and transferred from this to our site. Therefore, you as the user also have full control over the use of cookies. By altering the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it may be the case that not all of the functions of the website can be used in full.

 

Our website observes the "do not track" setting in your browser. Should your browser not offer a "do not track setting" and should you not agree to the storage and evaluation of your access data by Matomo, please click on the text in bold below in order to deposit the Matomo deactivation cookie in your browser.

 

Note: Should you delete your cookies, this will mean that the opt-out-cookie is deleted and will need to be activated by you again.

5. Your rights

  • You have the right to receive information from the university concerning the data saved in relation to your person and/or to have incorrectly saved data corrected.
  • In addition, you have the right to deletion or to have the processing restricted or to object to the processing.

For this purpose, please contact the data protection officer of the University of Stuttgart:
datenschutz@uni-stuttgart.de

  • You have the right to complain to the supervisory authority, should you be of the opinion that the processing of the personal data relating to you breaches legal regulations.

The competent supervisory authority is the State Data Protection and Freedom of Information Officer of Baden-Württemberg  - Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

6. Additional information relating to social media elements

On our website, components of various third-party providers are used in order to provide additional content. For example, these include YouTube and Vimeo videos, as well as share and like buttons of social media platforms.

 

If we were to directly integrate the social medial elements made available by the third-party providers into the website, then when loading the website in which they are integrated, the URL of the website which has just been loaded, the IP address and any other information (for example browser type) would be transferred to the third-party provider and cookies may be set by the third-party provider also. This would also happen if you are not registered with the third-party provider or are a member of it.

 

If you were also logged into the third-party provider when accessing the website, it would be able to assign additional information to your user account (for example which video you are accessing, which commentary you submit and what information you share etc.).

 

Therefore, it is the case that social media elements of third-party providers are not directly integrated into our websites. Rather, solutions are used which only establish a connection to the server of the third-party provider once the social element has been intentionally clicked on and only then is the associated data processing carried out.

 

Please bear in mind that the data processing which is carried out as a result is outside of the area of control of the university and the data protection provisions of the third-party providers must be observed.

You can find some of the data protection provisions here:

http://www.google.com/intl/de/policies/privacy/

https://vimeo.com/privacy

https://www.facebook.com/policy.php

http://twitter.com/privacy

https://www.linkedin.com/legal/privacy-policy

Should you not agree to data processing by the third-party provider as described above, please do not click on the social media element.